Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3143 | 1 4d | 1 Webstar | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2. | |||||
| CVE-2005-3144 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2008-09-05 | 5.0 MEDIUM | N/A |
| httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers. | |||||
| CVE-2005-3145 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2008-09-05 | 5.0 MEDIUM | N/A |
| httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data. | |||||
| CVE-2005-3146 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-3147 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information. | |||||
| CVE-2005-3148 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership. | |||||
| CVE-2005-3150 | 1 Weex | 1 Weex | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames. | |||||
| CVE-2005-3151 | 1 Blender | 1 Blender | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-3070 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 3.6 LOW | N/A |
| HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file. | |||||
| CVE-2005-3155 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-3069 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 2.1 LOW | N/A |
| xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file. | |||||
| CVE-2005-3068 | 1 Eric Integrated Development Environment | 1 Eric Integrated Development Environment | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit." | |||||
| CVE-2005-3160 | 1 Php Fusion | 1 Php Fusion | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters. | |||||
| CVE-2005-3163 | 1 Polipo | 1 Polipo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. | |||||
| CVE-2005-3165 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. | |||||
| CVE-2005-3166 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. | |||||
| CVE-2005-3167 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2005-3168 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template. | |||||
| CVE-2005-3175 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.2 HIGH | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. | |||||
| CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | |||||
| CVE-2005-3177 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2008-09-05 | 4.6 MEDIUM | N/A |
| CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. | |||||
| CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2008-09-05 | 5.0 MEDIUM | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt). | |||||
| CVE-2005-3279 | 1 Jan Kybic | 1 Bitmap Viewer | 2008-09-05 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option. | |||||
| CVE-2005-3238 | 1 Sun | 1 Solaris | 2008-09-05 | 2.1 LOW | N/A |
| Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors. | |||||
| CVE-2005-3251 | 1 Gallery Project | 1 Gallery | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. | |||||
| CVE-2005-3254 | 1 Nathan Neulinger | 1 Cgiwrap | 2008-09-05 | 10.0 HIGH | N/A |
| The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems. | |||||
| CVE-2005-3255 | 1 Nathan Neulinger | 1 Cgiwrap | 2008-09-05 | 5.0 MEDIUM | N/A |
| The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs. | |||||
| CVE-2005-3040 | 1 Tac | 1 Vista | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in the Template parameter. | |||||
| CVE-2005-3039 | 1 Mall23 | 1 Mall23 | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter. | |||||
| CVE-2005-3038 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 allows remote attackers to list and read contents of arbitrary drives, related to "the PHP vulnerability." | |||||
| CVE-2005-3037 | 1 Handy Address Book | 1 Handy Address Book Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL. | |||||
| CVE-2005-3268 | 1 Raphael Bossek | 1 Yiff Server | 2008-09-05 | 2.1 LOW | N/A |
| yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. | |||||
| CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | |||||
| CVE-2005-3277 | 1 Hp | 1 Hp-ux | 2008-09-05 | 10.0 HIGH | N/A |
| The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473. | |||||
| CVE-2005-3281 | 1 Nukefixes | 1 Nukefixes | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter. | |||||
| CVE-2005-3282 | 1 Splatt | 1 Splatt Forum | 2008-09-05 | 7.5 HIGH | N/A |
| Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | |||||
| CVE-2005-3285 | 1 Comersus Open Technologies | 1 Comersus Backoffice Plus | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. | |||||
| CVE-2005-3287 | 1 Rockliffe | 1 Mailsite Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory. | |||||
| CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. | |||||
| CVE-2005-3289 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file. | |||||
| CVE-2005-3291 | 1 Stani | 1 Stanis Python Editor | 2008-09-05 | 4.6 MEDIUM | N/A |
| Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. | |||||
| CVE-2005-3292 | 1 Xeobook | 1 Xeobook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>. | |||||
| CVE-2005-3036 | 1 Ttxn | 1 File Transfer Anywhere | 2008-09-05 | 4.6 MEDIUM | N/A |
| File Transfer Anywhere 3.01 stores sensitive password information in plaintext in the PASS value in the "File Transfer Anywhere" registry key, which allows local users to gain privileges. | |||||
| CVE-2005-3035 | 1 Compuware | 1 Driverstudio | 2008-09-05 | 5.0 MEDIUM | N/A |
| Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to cause a denial of service (reboot) via a UDP packet sent directly to port 9110. | |||||
| CVE-2005-3034 | 1 Compuware | 1 Driverstudio | 2008-09-05 | 7.5 HIGH | N/A |
| Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session. | |||||
| CVE-2005-3033 | 1 Cambridge Computer Corporation | 1 Vxweb | 2008-09-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2005-3032 | 1 Cambridge Computer Corporation | 1 Vxtftpsrv | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TFTP request with a long filename argument. | |||||
| CVE-2005-3031 | 1 Cambridge Computer Corporation | 1 Vxftpsrv | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute arbitrary code via a long USER name. | |||||
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2008-09-05 | 4.3 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). | |||||