Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-1784 1 Hosting Controller 1 Hosting Controller 2008-09-05 7.5 HIGH N/A
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
CVE-2005-1865 1 Vincent Hor 1 Calendarix Advanced 2008-09-05 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
CVE-2005-2142 1 Kmint21 Software 1 Golden Ftp Server 2008-09-05 2.1 LOW N/A
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
CVE-2005-2141 1 Jollybox.de 1 Tcp Chat 2008-09-05 5.0 MEDIUM N/A
TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow.
CVE-2005-2136 1 Raritan 1 Dominion 2008-09-05 4.6 MEDIUM N/A
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.
CVE-2005-2135 1 Etoshop 1 Dynamic Biz Website Builder Quickweb 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters.
CVE-2005-1877 1 Lpanel 1 Lpanel 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter.
CVE-2005-2080 1 Symantec Veritas 1 Backup Exec 2008-09-05 7.5 HIGH N/A
Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server.
CVE-2005-2079 1 Symantec Veritas 1 Backup Exec 2008-09-05 7.5 HIGH N/A
Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.
CVE-2005-2078 1 Sofotex 1 Bisonftp 2008-09-05 2.1 LOW N/A
BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.
CVE-2005-2031 1 Socialmpn 1 Socialmpn 2008-09-05 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php.
CVE-2005-2029 1 Amarok 1 Web Frontend 2008-09-05 7.5 HIGH N/A
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.
CVE-2005-2027 1 Enterasys 1 Vertical Horizon-2402s 2008-09-05 5.0 MEDIUM N/A
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.
CVE-2005-2026 1 Enterasys 1 Vertical Horizon-2402s 2008-09-05 7.5 HIGH N/A
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.
CVE-2005-2019 1 Freebsd 1 Freebsd 2008-09-05 5.0 MEDIUM N/A
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions.
CVE-2005-2017 1 Symantec 1 Norton Antivirus 2008-09-05 10.0 HIGH N/A
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
CVE-2005-1972 1 Interactivephp 1 Fusionbb 2008-09-05 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username, which is not properly handled by the insertUser function, or (2) the bb_session_id value in a cookie.
CVE-2005-1971 1 Interactivephp 1 Fusionbb 2008-09-05 7.5 HIGH N/A
Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.
CVE-2005-1970 1 Symantec 1 Pcanywhere 2008-09-05 7.2 HIGH N/A
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
CVE-2005-1961 1 Objectweb 1 Consortium C-jdbc 2008-09-05 4.6 MEDIUM N/A
Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user.
CVE-2005-1960 1 C.j. Steele 1 Tattle 2008-09-05 7.5 HIGH N/A
The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username.
CVE-2005-1959 1 Jammail 1 Jammail 2008-09-05 7.5 HIGH N/A
jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter.
CVE-2005-1923 1 Clam Anti-virus 1 Clamav 2008-09-05 2.6 LOW N/A
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
CVE-2005-1922 1 Clam Anti-virus 1 Clamav 2008-09-05 5.0 MEDIUM N/A
The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.
CVE-2005-1917 1 Kpopper 1 Kpopper 2008-09-05 2.1 LOW N/A
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.
CVE-2005-1908 1 Perception 1 Liteweb 2008-09-05 7.5 HIGH N/A
Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL.
CVE-2005-1904 1 Jiro 1 Jiro Upload System 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2005-1897 1 Flexcast 1 Flexcast Audio Video Streaming Server 2008-09-05 10.0 HIGH N/A
Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.
CVE-2005-1975 1 Annuaire 1 1two 2008-09-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.
CVE-2005-1886 1 Yapig 1 Yapig 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.
CVE-2005-1885 1 Yapig 1 Yapig 2008-09-05 5.0 MEDIUM N/A
view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.
CVE-2005-1884 1 Yapig 1 Yapig 2008-09-05 6.4 MEDIUM N/A
Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter.
CVE-2005-1883 1 Yapig 1 Yapig 2008-09-05 5.0 MEDIUM N/A
global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter.
CVE-2005-1859 1 Sgi 1 Propack 2008-09-05 7.2 HIGH N/A
Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.
CVE-2005-1858 1 Fuse 1 Fuse 2008-09-05 2.1 LOW N/A
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
CVE-2005-1856 1 Sukria 1 Backup Manager 2008-09-05 2.1 LOW N/A
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack.
CVE-2005-1855 2 Debian, Sukria 2 Debian Linux, Backup Manager 2008-09-05 2.1 LOW N/A
Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.
CVE-2005-1843 1 Adobe 1 Version Cue 2008-09-05 4.6 MEDIUM N/A
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument.
CVE-2005-1842 1 Adobe 1 Version Cue 2008-09-05 2.1 LOW N/A
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.
CVE-2005-1841 1 Adobe 1 Acrobat Reader 2008-09-05 2.1 LOW N/A
The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.
CVE-2005-1824 1 Gnu 1 Mailutils 2008-09-05 7.5 HIGH N/A
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
CVE-2005-2101 1 Kde 1 Kde 2008-09-05 5.0 MEDIUM N/A
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
CVE-2005-1820 1 Zeroboard 1 Zeroboard 2008-09-05 7.5 HIGH N/A
zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.
CVE-2005-1811 1 Mybulletinboard 1 Mybulletinboard 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.
CVE-2005-1803 1 Net Portal Dynamic System 1 Net Portal Dynamic System 2008-09-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.
CVE-2005-1802 1 Nortel 9 Contivity, Vpn Router 1010, Vpn Router 1050 and 6 more 2008-09-05 5.0 MEDIUM N/A
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
CVE-2005-1799 1 Freestyle 2 Wiki, Wikilite 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-1798 1 Serverscheck 1 Monitoring Software 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
CVE-2005-1781 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
CVE-2005-1780 1 Dotnetindex 1 Active News Manager 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password.