Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3167 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2005-3166 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. | |||||
| CVE-2005-3165 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. | |||||
| CVE-2005-3163 | 1 Polipo | 1 Polipo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. | |||||
| CVE-2005-3160 | 1 Php Fusion | 1 Php Fusion | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters. | |||||
| CVE-2005-3151 | 1 Blender | 1 Blender | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-3150 | 1 Weex | 1 Weex | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames. | |||||
| CVE-2005-3104 | 1 Six Apart | 1 Movable Type | 2008-09-05 | 2.6 LOW | N/A |
| mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments. | |||||
| CVE-2005-3093 | 1 Nokia | 2 3210, 7610 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. | |||||
| CVE-2005-3091 | 1 Mantis | 1 Mantis | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp". | |||||
| CVE-2005-3087 | 1 Securew2 | 1 Securew2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data. | |||||
| CVE-2005-3086 | 1 Contentserv | 1 Contentserv | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter. | |||||
| CVE-2005-3085 | 1 Riverdark Studios | 1 Rss Syndicator Module | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters. | |||||
| CVE-2005-3084 | 1 Sony | 1 Playstation Portable | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. | |||||
| CVE-2005-3081 | 1 Wzdftpd | 1 Wzdftpd | 2008-09-05 | 4.6 MEDIUM | N/A |
| wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command. | |||||
| CVE-2005-3075 | 1 Mpc-donkey | 1 Zengaia | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3074 | 1 Rsyslog | 1 Rsyslogd | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages. | |||||
| CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2008-09-05 | 5.0 MEDIUM | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt). | |||||
| CVE-2005-3039 | 1 Mall23 | 1 Mall23 | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter. | |||||
| CVE-2005-3038 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 allows remote attackers to list and read contents of arbitrary drives, related to "the PHP vulnerability." | |||||
| CVE-2005-3037 | 1 Handy Address Book | 1 Handy Address Book Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL. | |||||
| CVE-2005-3036 | 1 Ttxn | 1 File Transfer Anywhere | 2008-09-05 | 4.6 MEDIUM | N/A |
| File Transfer Anywhere 3.01 stores sensitive password information in plaintext in the PASS value in the "File Transfer Anywhere" registry key, which allows local users to gain privileges. | |||||
| CVE-2005-3014 | 1 Ensim | 1 Webppliance | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ensim webplliance allows remote attackers to inject arbitrary web script or HTML via the Login (OCW_login_username) field. | |||||
| CVE-2005-3012 | 1 Simplecdr-x | 1 Simplecdr-x | 2008-09-05 | 2.1 LOW | N/A |
| The MasterDataCD::createImage function in masterdatacd.cpp for SimpleCDR-X 1.3.3 creates the .temp temporary directory with insecure permissions, which allows local users to read sensitive ISO images. | |||||
| CVE-2005-3010 | 1 Cutephp | 1 Cutenews | 2008-09-05 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php. | |||||
| CVE-2005-2940 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935. | |||||
| CVE-2005-2939 | 1 Vmware | 1 Workstation | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | |||||
| CVE-2005-2935 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940. | |||||
| CVE-2005-3174 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. | |||||
| CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | |||||
| CVE-2005-3170 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 5.1 MEDIUM | N/A |
| The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site. | |||||
| CVE-2005-3169 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection. | |||||
| CVE-2005-2869 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. | |||||
| CVE-2005-2770 | 1 Wrq | 1 Wrq Reflection For Secure It Windows Server | 2008-09-05 | 7.5 HIGH | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | |||||
| CVE-2005-2771 | 2 F-secure, Wrq | 2 F-secure Ssh Server, Wrq Reflection For Secure It Windows Server | 2008-09-05 | 10.0 HIGH | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied. | |||||
| CVE-2005-2799 | 1 Linksys | 1 Wrt54g | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. | |||||
| CVE-2005-2676 | 1 Coppermine | 1 Coppermine Photo Gallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. | |||||
| CVE-2005-2677 | 1 Acnews | 1 Acnews | 2008-09-05 | 5.0 MEDIUM | N/A |
| ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | |||||
| CVE-2005-2807 | 1 Frox | 1 Frox | 2008-09-05 | 7.2 HIGH | N/A |
| frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option. | |||||
| CVE-2005-2551 | 1 Novell | 1 Edirectory | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. | |||||
| CVE-2005-2808 | 1 Frox | 1 Frox | 2008-09-05 | 7.5 HIGH | N/A |
| frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts. | |||||
| CVE-2005-2588 | 1 Dvbbs | 1 Dvbbs | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp. | |||||
| CVE-2005-2589 | 1 Linksys | 1 Wrt54gs | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. | |||||
| CVE-2005-2600 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter. | |||||
| CVE-2005-2850 | 1 Whitsoft Development | 1 Slimftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error. | |||||
| CVE-2005-2601 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | |||||
| CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2008-09-05 | 2.6 LOW | N/A |
| Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | |||||
| CVE-2005-2607 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters. | |||||
| CVE-2005-2679 | 1 Sysinternals | 1 Process Explorer | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process. | |||||
| CVE-2005-2851 | 1 Smb4k | 1 Smb4k | 2008-09-05 | 2.1 LOW | N/A |
| smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files. | |||||