Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1677 | 1 Groove | 2 Groove Workspace, Virtual Office | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects. | |||||
| CVE-2005-1678 | 1 Groove | 2 Groove Workspace, Virtual Office | 2008-09-05 | 2.6 LOW | N/A |
| Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code. | |||||
| CVE-2005-1691 | 1 Sap | 1 Sap R 3 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. | |||||
| CVE-2005-1706 | 1 Mailscanner | 1 Mailscanner | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection. | |||||
| CVE-2005-1711 | 3 Clam Anti-virus, Gibraltar, Squid | 3 Clamav, Gibraltar Firewall, Squid | 2008-09-05 | 7.5 HIGH | N/A |
| Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. | |||||
| CVE-2005-1712 | 1 Sy9 | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. | |||||
| CVE-2005-1713 | 1 S9y | 1 Serendipity | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | |||||
| CVE-2005-1715 | 1 Ej3 | 1 Topo | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section. | |||||
| CVE-2005-1716 | 1 Ej3 | 1 Topo | 2008-09-05 | 5.0 MEDIUM | N/A |
| TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. | |||||
| CVE-2005-1717 | 1 Zyxel | 1 Prestige 650r-31 | 2008-09-05 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | |||||
| CVE-2005-1718 | 1 Ls Games | 1 War Times | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname. | |||||
| CVE-2005-1719 | 1 Alwil | 1 Avast Antivirus | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses. | |||||
| CVE-2005-1720 | 1 Apple | 1 Afp Server | 2008-09-05 | 2.1 LOW | N/A |
| AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL. | |||||
| CVE-2005-1721 | 1 Apple | 1 Afp Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code. | |||||
| CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. | |||||
| CVE-2005-1723 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions. | |||||
| CVE-2005-1724 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-1727 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 3.7 LOW | N/A |
| Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." | |||||
| CVE-2005-1728 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials. | |||||
| CVE-2005-1729 | 1 Novell | 1 Edirectory | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. | |||||
| CVE-2005-1734 | 1 Electricmonk | 1 Proms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-1735 | 1 Electricmonk | 1 Proms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1736 | 1 Electricmonk | 1 Proms | 2008-09-05 | 7.5 HIGH | N/A |
| PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. | |||||
| CVE-2005-1738 | 1 Iron Bars Shell | 1 Iron Bars Shell | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. | |||||
| CVE-2005-1750 | 1 Distinct Web Creations | 1 Newsletterez | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1452 | 1 S9y | 1 Serendipity | 2008-09-05 | 10.0 HIGH | N/A |
| Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | |||||
| CVE-2005-1451 | 1 S9y | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | |||||
| CVE-2005-1450 | 1 S9y | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | |||||
| CVE-2005-1449 | 1 S9y | 1 Serendipity | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | |||||
| CVE-2005-1448 | 1 S9y | 1 Serendipity | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1447 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter. | |||||
| CVE-2005-1446 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 7.5 HIGH | N/A |
| SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket. | |||||
| CVE-2005-1445 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php. | |||||
| CVE-2005-1440 | 1 Codetosell | 1 Viart Shop Enterprise | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php. | |||||
| CVE-2005-1439 | 1 Osticket | 1 Osticket | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter. | |||||
| CVE-2005-1438 | 1 Osticket | 1 Osticket | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. | |||||
| CVE-2005-1437 | 1 Osticket | 1 Osticket | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php. | |||||
| CVE-2005-1435 | 1 Open Webmail | 1 Open Webmail | 2008-09-05 | 7.5 HIGH | N/A |
| Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2005-1434 | 1 Hp | 1 Openview Network Node Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2005-1433 | 1 Hp | 1 Openview Event Correlation Services | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2005-1570 | 1 Battleaxe Software | 1 Bttlxeforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. | |||||
| CVE-2005-1429 | 1 Abczone.it | 1 Wwwguestbook | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1388 | 1 Survivor | 1 Survivor | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1571 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts. | |||||
| CVE-2005-1572 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2008-09-05 | 5.0 MEDIUM | N/A |
| ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083. | |||||
| CVE-2005-1573 | 1 Darrel Oneil | 1 Asp Virtual News Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1575 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160. | |||||
| CVE-2005-1576 | 1 Mozilla | 1 Firefox | 2008-09-05 | 2.6 LOW | N/A |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. | |||||
| CVE-2005-1577 | 1 Apg Technology | 1 Classmaster | 2008-09-05 | 7.5 HIGH | N/A |
| APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share. | |||||
| CVE-2005-1578 | 1 Guidance Software | 1 Encase | 2008-09-05 | 2.1 LOW | N/A |
| EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection. | |||||