Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1235 | 1 Phpbb Group | 1 Phpbb-auction | 2008-09-05 | 5.0 MEDIUM | N/A |
| auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | |||||
| CVE-2005-1236 | 1 Duware | 1 Duportal | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224. | |||||
| CVE-2005-1151 | 1 Debian | 1 Qpopper | 2008-09-05 | 7.2 HIGH | N/A |
| qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. | |||||
| CVE-2005-1150 | 1 Sun | 1 Java System Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). | |||||
| CVE-2005-1281 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | |||||
| CVE-2005-1140 | 1 Mywebland | 1 Mybloggie | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments. | |||||
| CVE-2005-1072 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2005-1084 | 1 Aewebworks | 1 Aedating | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter. | |||||
| CVE-2005-1085 | 1 Aewebworks | 1 Aedating | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2005-1274 | 1 Mysql | 1 Maxdb | 2008-09-05 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. | |||||
| CVE-2005-1097 | 1 Rebrand | 1 P2p Share Spy | 2008-09-05 | 4.6 MEDIUM | N/A |
| Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges. | |||||
| CVE-2005-1321 | 1 Horde | 1 Vaction | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1320 | 1 Horde | 1 Mnemo | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1339 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name. | |||||
| CVE-2005-1128 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. | |||||
| CVE-2005-1338 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. | |||||
| CVE-2005-1319 | 1 Horde | 1 Imp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1131 | 1 Symantec Veritas | 1 I3 Focalpoint Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. | |||||
| CVE-2005-1337 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI. | |||||
| CVE-2005-1063 | 1 Kerio | 3 Kerio Mailserver, Personal Firewall, Winroute Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations." | |||||
| CVE-2005-1152 | 1 Debian | 1 Qpopper | 2008-09-05 | 2.1 LOW | N/A |
| popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions. | |||||
| CVE-2005-1336 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable. | |||||
| CVE-2005-1138 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages. | |||||
| CVE-2005-1149 | 1 Acnews | 1 Acnews | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2005-1335 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner." | |||||
| CVE-2005-1322 | 1 Horde | 1 Nag | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1083 | 1 Aewebworks | 1 Aedating | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter. | |||||
| CVE-2005-1346 | 1 Symantec | 7 Antivirus Scan Engine, Mail Security, Norton Antivirus and 4 more | 2008-09-05 | 2.6 LOW | N/A |
| Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. | |||||
| CVE-2005-1343 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. | |||||
| CVE-2005-1313 | 1 Horde | 1 Passwd | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1143 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. | |||||
| CVE-2005-1340 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy. | |||||
| CVE-2005-1327 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter. | |||||
| CVE-2005-1312 | 1 Yappa-ng | 1 Yappa-ng | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. | |||||
| CVE-2005-1311 | 1 Yappa-ng | 1 Yappa-ng | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1310 | 1 Eaden Mckee | 1 Bblog | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
| CVE-2005-1309 | 1 Eaden Mckee | 1 Bblog | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text. | |||||
| CVE-2005-1065 | 1 Novell | 1 Linux Desktop | 2008-09-05 | 2.1 LOW | N/A |
| tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory. | |||||
| CVE-2005-1326 | 1 Voodoo Circle | 1 Voodoo Circle | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet. | |||||
| CVE-2005-1308 | 1 Inter7 | 1 Sqwebmail | 2008-09-05 | 7.5 HIGH | N/A |
| SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. | |||||
| CVE-2005-1066 | 1 University Of Washington | 1 Pine | 2008-09-05 | 1.2 LOW | N/A |
| Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-1306 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability." | |||||
| CVE-2005-1231 | 1 Jaws | 1 Jaws | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. | |||||
| CVE-2005-1145 | 1 Calendarscript | 1 Calendarscript | 2008-09-05 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146. | |||||
| CVE-2005-1144 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2008-09-05 | 5.0 MEDIUM | N/A |
| popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message. | |||||
| CVE-2005-1314 | 1 Horde | 1 Kronolith | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-0834 | 1 Belkin | 1 Belkin 54g Wireless Router | 2008-09-05 | 5.0 MEDIUM | N/A |
| Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-0995 | 1 Early Impact | 1 Productcart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart. | |||||
| CVE-2005-0991 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. | |||||
| CVE-2005-0987 | 1 Irc Services | 1 Nickserv Listlinks | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick. | |||||