Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2867 | 1 Bluewhalecrm | 1 Bluewhalecrm | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field. | |||||
| CVE-2005-2655 | 1 Maildrop | 1 Maildrop | 2008-09-05 | 10.0 HIGH | N/A |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | |||||
| CVE-2005-2807 | 1 Frox | 1 Frox | 2008-09-05 | 7.2 HIGH | N/A |
| frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option. | |||||
| CVE-2005-2656 | 1 Polygen | 1 Polygen | 2008-09-05 | 2.1 LOW | N/A |
| Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. | |||||
| CVE-2005-2600 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter. | |||||
| CVE-2005-2601 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | |||||
| CVE-2005-2761 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. | |||||
| CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2008-09-05 | 2.6 LOW | N/A |
| Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | |||||
| CVE-2005-2605 | 1 Omnipilot Software | 1 Lasso Professional Server | 2008-09-05 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags. | |||||
| CVE-2005-2607 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters. | |||||
| CVE-2005-2748 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 2.1 LOW | N/A |
| The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. | |||||
| CVE-2005-2746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages. | |||||
| CVE-2005-2658 | 1 Softwolves Software | 1 Turquoise Superstat | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. | |||||
| CVE-2005-2608 | 1 Safehtml | 1 Safehtml | 2008-09-05 | 4.3 MEDIUM | N/A |
| SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML. | |||||
| CVE-2005-2609 | 1 Vegadns | 1 Vegadns | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter. | |||||
| CVE-2005-2610 | 1 Vegadns | 1 Vegadns | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2005-2745 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. | |||||
| CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2008-09-05 | 7.5 HIGH | N/A |
| ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | |||||
| CVE-2005-2612 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. | |||||
| CVE-2005-2200 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. | |||||
| CVE-2005-2526 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2008-09-05 | 5.0 MEDIUM | N/A |
| CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. | |||||
| CVE-2005-2525 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2008-09-05 | 5.0 MEDIUM | N/A |
| CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt). | |||||
| CVE-2005-2524 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2008-09-05 | 5.0 MEDIUM | N/A |
| Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | |||||
| CVE-2005-2523 | 1 Apple | 2 Mac Os X, Weblog Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2522 | 1 Apple | 2 Mac Os X, Safari | 2008-09-05 | 5.1 MEDIUM | N/A |
| Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. | |||||
| CVE-2005-2521 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-2520 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords. | |||||
| CVE-2005-2519 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.2 HIGH | N/A |
| slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges. | |||||
| CVE-2005-2518 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | |||||
| CVE-2005-2517 | 1 Apple | 2 Mac Os X, Safari | 2008-09-05 | 2.6 LOW | N/A |
| Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. | |||||
| CVE-2005-2516 | 1 Apple | 2 Mac Os X, Safari | 2008-09-05 | 7.5 HIGH | N/A |
| Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2005-2515 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required. | |||||
| CVE-2005-2514 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. | |||||
| CVE-2005-2513 | 1 Apple | 1 Mac Os X | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields. | |||||
| CVE-2005-2512 | 1 Apple | 2 Mac Os X, Mail | 2008-09-05 | 2.1 LOW | N/A |
| Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. | |||||
| CVE-2005-2511 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. | |||||
| CVE-2005-2510 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 4.6 MEDIUM | N/A |
| The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator. | |||||
| CVE-2005-2509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts. | |||||
| CVE-2005-2508 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 4.6 MEDIUM | N/A |
| dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts. | |||||
| CVE-2005-2507 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | |||||
| CVE-2005-2506 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates. | |||||
| CVE-2005-2504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid. | |||||
| CVE-2005-2501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.6 HIGH | N/A |
| Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file. | |||||
| CVE-2005-2486 | 1 Portailphp | 1 Portailphp | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php with the affiche parameter set to "Forum-read_mess", a different vulnerability than CVE-2005-1701. | |||||
| CVE-2005-2505 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation. | |||||
| CVE-2005-2401 | 1 Php Fusion | 1 Php Fusion | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag. | |||||
| CVE-2005-2394 | 1 Cutephp | 1 Cutenews | 2008-09-05 | 5.0 MEDIUM | N/A |
| show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter. | |||||
| CVE-2005-2393 | 1 Cutephp | 1 Cutenews | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php. | |||||
| CVE-2005-2391 | 1 3com | 1 3crwe454g72 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. | |||||
| CVE-2005-2389 | 1 Symantec Veritas | 2 Netbackup Enterprise Server, Netbackup Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. | |||||