Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4712 | 1 Php Handicapper | 1 Php Handicapper | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. | |||||
| CVE-2005-4779 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 3.6 LOW | N/A |
| verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs. | |||||
| CVE-2005-4814 | 1 Middlebury College | 1 Segue Cms | 2008-09-05 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory. | |||||
| CVE-2005-4716 | 1 Hitachi | 2 Tpi Net Library, Tpi Server Base | 2008-09-05 | 5.0 MEDIUM | N/A |
| Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes. | |||||
| CVE-2005-4782 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 4.9 MEDIUM | N/A |
| NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of service (kernel assertion panic) via a negative linger time in the SO_LINGER socket option. | |||||
| CVE-2005-4783 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 2.1 LOW | N/A |
| kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. | |||||
| CVE-2005-4784 | 1 Austin Group | 1 Posix | 2008-09-05 | 5.6 MEDIUM | N/A |
| Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib. | |||||
| CVE-2005-4668 | 1 Parosproxy | 1 Parosproxy | 2008-09-05 | 4.6 MEDIUM | N/A |
| The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. | |||||
| CVE-2005-4789 | 1 Suse | 1 Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level. | |||||
| CVE-2005-4673 | 1 Inicom Networks | 1 Ioftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2005-4792 | 1 Phpwebsite | 1 Phpwebsite | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4645 | 1 3cfr | 1 3cfr | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | |||||
| CVE-2005-4738 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.5 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. | |||||
| CVE-2005-4739 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. | |||||
| CVE-2005-4737 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.5 HIGH | N/A |
| IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. | |||||
| CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||||
| CVE-2005-4586 | 1 Phpsurveyor | 1 Phpsurveyor | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts. | |||||
| CVE-2005-4740 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 4.0 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." | |||||
| CVE-2005-4741 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 7.5 HIGH | N/A |
| NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. | |||||
| CVE-2005-4690 | 1 Six Apart | 1 Movable Type | 2008-09-05 | 2.1 LOW | N/A |
| Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types. | |||||
| CVE-2005-4742 | 1 Pavel Kankovsky | 1 Echelog | 2008-09-05 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors. | |||||
| CVE-2005-4587 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2008-09-05 | 7.8 HIGH | N/A |
| Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port). | |||||
| CVE-2005-4689 | 1 Six Apart | 1 Movable Type | 2008-09-05 | 5.0 MEDIUM | N/A |
| Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie. | |||||
| CVE-2005-4788 | 1 Suse | 1 Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices." | |||||
| CVE-2005-4688 | 1 Punbb | 1 Punbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | |||||
| CVE-2005-4687 | 2 F-art Agency, Punbb | 2 Blog Cms, Punbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | |||||
| CVE-2005-4669 | 1 Rt Internet Solutions | 1 Rt Internet Solutions Webadmin | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
| CVE-2005-4692 | 1 Mroovca | 1 Mroovca Stats | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies. | |||||
| CVE-2005-4691 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 2.1 LOW | N/A |
| imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. | |||||
| CVE-2005-4693 | 1 Gaim-encryption | 1 Gaim-encryption | 2008-09-05 | 5.0 MEDIUM | N/A |
| Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c. | |||||
| CVE-2005-4578 | 1 Hitachi | 1 Business Logic | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form. | |||||
| CVE-2005-4787 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2008-09-05 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue." | |||||
| CVE-2005-4130 | 1 Realnetworks | 1 Realplayer | 2008-09-05 | 7.5 HIGH | N/A |
| ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED. | |||||
| CVE-2005-4442 | 1 Openldap | 1 Openldap | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-4296 | 1 Appserv Open Project | 1 Appserv | 2008-09-05 | 7.8 HIGH | N/A |
| AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request. | |||||
| CVE-2005-4412 | 1 Citrix | 1 Program Neighborhood Client | 2008-09-05 | 2.1 LOW | N/A |
| Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field. | |||||
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
| CVE-2005-4422 | 1 Toenda Software Development | 1 Toendacms | 2008-09-05 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums. | |||||
| CVE-2005-4423 | 1 Phpfm | 1 Phpfm | 2008-09-05 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell." | |||||
| CVE-2005-4276 | 1 Westell | 1 Versalink | 2008-09-05 | 7.8 HIGH | N/A |
| Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4275 | 1 Scientific Atlanta | 1 Dpx2100 Cable Modem | 2008-09-05 | 7.8 HIGH | N/A |
| Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD), as demonstrated using hping2. NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4339 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page. | |||||
| CVE-2005-4404 | 1 Media2 Cms | 1 Media2 Cms Shop | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
| CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
| CVE-2005-4256 | 1 Asp-dev | 1 Xm Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211. | |||||
| CVE-2005-4204 | 1 Logisphere | 1 Logisphere | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS. | |||||
| CVE-2005-4174 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used. | |||||
| CVE-2005-4173 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | |||||
| CVE-2005-4341 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure. | |||||
| CVE-2005-4172 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. | |||||