Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1941 | 1 Silvercity | 1 Silvercity | 2008-09-05 | 3.7 LOW | N/A |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | |||||
| CVE-2005-1914 | 1 Centericq | 1 Centericq | 2008-09-05 | 2.1 LOW | N/A |
| CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file. | |||||
| CVE-2005-1962 | 1 Cerberus | 1 Cerberus Helpdesk | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. | |||||
| CVE-2005-1911 | 1 Leafnode | 1 Leafnode | 2008-09-05 | 5.0 MEDIUM | N/A |
| The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss). | |||||
| CVE-2005-1910 | 1 Wwweb Concepts | 1 Events System | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1908 | 1 Perception | 1 Liteweb | 2008-09-05 | 7.5 HIGH | N/A |
| Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL. | |||||
| CVE-2005-1904 | 1 Jiro | 1 Jiro Upload System | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1963 | 1 Cerberus | 1 Cerberus Helpdesk | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. | |||||
| CVE-2005-1964 | 1 Cantico | 1 Ovidentia | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in utilit.php for Ovidentia Portal allows remote attackers to execute arbitrary PHP code via the babInstallPath parameter. | |||||
| CVE-2005-1897 | 1 Flexcast | 1 Flexcast Audio Video Streaming Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors. | |||||
| CVE-2005-2080 | 1 Symantec Veritas | 1 Backup Exec | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server. | |||||
| CVE-2005-2079 | 1 Symantec Veritas | 1 Backup Exec | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1782 | 1 W.m.r. Simpson | 1 Bookreview | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE. | |||||
| CVE-2005-2078 | 1 Sofotex | 1 Bisonftp | 2008-09-05 | 2.1 LOW | N/A |
| BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument. | |||||
| CVE-2005-1975 | 1 Annuaire | 1 1two | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php. | |||||
| CVE-2005-1853 | 1 University Of Minnesota | 1 Gopher | 2008-09-05 | 7.2 HIGH | N/A |
| gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | |||||
| CVE-2005-1886 | 1 Yapig | 1 Yapig | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. | |||||
| CVE-2005-1885 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | |||||
| CVE-2005-1884 | 1 Yapig | 1 Yapig | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2005-1883 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter. | |||||
| CVE-2005-1967 | 1 Early Impact | 1 Productcart Ecommerce | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp. | |||||
| CVE-2005-2031 | 1 Socialmpn | 1 Socialmpn | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php. | |||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2008-09-05 | 7.5 HIGH | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | |||||
| CVE-2005-1968 | 1 Early Impact | 1 Productcart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp. | |||||
| CVE-2005-1859 | 1 Sgi | 1 Propack | 2008-09-05 | 7.2 HIGH | N/A |
| Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array. | |||||
| CVE-2005-1865 | 1 Vincent Hor | 1 Calendarix Advanced | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php. | |||||
| CVE-2005-2027 | 1 Enterasys | 1 Vertical Horizon-2402s | 2008-09-05 | 5.0 MEDIUM | N/A |
| Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry. | |||||
| CVE-2005-1969 | 1 Pragma Systems | 1 Pragma Telnetserver | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment) in a session. | |||||
| CVE-2005-1970 | 1 Symantec | 1 Pcanywhere | 2008-09-05 | 7.2 HIGH | N/A |
| Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature. | |||||
| CVE-2005-1971 | 1 Interactivephp | 1 Fusionbb | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter. | |||||
| CVE-2005-1972 | 1 Interactivephp | 1 Fusionbb | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username, which is not properly handled by the insertUser function, or (2) the bb_session_id value in a cookie. | |||||
| CVE-2005-1858 | 1 Fuse | 1 Fuse | 2008-09-05 | 2.1 LOW | N/A |
| FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. | |||||
| CVE-2005-2026 | 1 Enterasys | 1 Vertical Horizon-2402s | 2008-09-05 | 7.5 HIGH | N/A |
| Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges. | |||||
| CVE-2005-1856 | 1 Sukria | 1 Backup Manager | 2008-09-05 | 2.1 LOW | N/A |
| The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. | |||||
| CVE-2005-1855 | 2 Debian, Sukria | 2 Debian Linux, Backup Manager | 2008-09-05 | 2.1 LOW | N/A |
| Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information. | |||||
| CVE-2005-1909 | 1 Software602 | 1 602lan Suite | 2008-09-05 | 4.3 MEDIUM | N/A |
| The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2005-2024 | 1 Vipul | 1 Razor-agents | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type. | |||||
| CVE-2005-1848 | 1 Phystech | 1 Dhcpcd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read. | |||||
| CVE-2005-1847 | 1 Yamt | 1 Yamt | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options. | |||||
| CVE-2005-1846 | 1 Yamt | 1 Yamt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options. | |||||
| CVE-2005-1843 | 1 Adobe | 1 Version Cue | 2008-09-05 | 4.6 MEDIUM | N/A |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument. | |||||
| CVE-2005-1842 | 1 Adobe | 1 Version Cue | 2008-09-05 | 2.1 LOW | N/A |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2005-1841 | 1 Adobe | 1 Acrobat Reader | 2008-09-05 | 2.1 LOW | N/A |
| The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it. | |||||
| CVE-2005-2021 | 1 Cpanel | 1 Cpanel | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. | |||||
| CVE-2005-1933 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474. | |||||
| CVE-2005-1779 | 1 Maxwebportal | 1 Maxwebportal | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter. | |||||
| CVE-2005-1780 | 1 Dotnetindex | 1 Active News Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1781 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2005-1792 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache. | |||||
| CVE-2005-1797 | 1 Openssl | 1 Openssl | 2008-09-05 | 5.1 MEDIUM | N/A |
| The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | |||||