Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0931 | 1 Jimmy | 1 The Includer | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2005-0958 | 1 Yepyep | 1 Mtftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command. | |||||
| CVE-2005-0976 | 3 Apple, Hmdt, Omnigroup | 3 Safari, Shiira, Omniweb | 2008-09-05 | 5.0 MEDIUM | N/A |
| AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs. | |||||
| CVE-2005-0959 | 1 Yepyep | 1 Mtftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path. | |||||
| CVE-2005-1008 | 1 Asp-dev | 1 Xm Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag. | |||||
| CVE-2005-0985 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. | |||||
| CVE-2005-1011 | 1 Iatek | 1 Siteenable | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | |||||
| CVE-2005-0740 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. | |||||
| CVE-2005-0865 | 1 Securecomputing | 1 Samsung Adsl Modem | 2008-09-05 | 7.5 HIGH | N/A |
| Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi. | |||||
| CVE-2005-0921 | 1 Microsoft | 1 Outlook Connector | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. | |||||
| CVE-2005-0920 | 1 Bugtracker.net | 1 Bugtracker.net | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-0971 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments. | |||||
| CVE-2005-0864 | 1 Securecomputing | 1 Samsung Adsl Modem | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. | |||||
| CVE-2005-0906 | 3 Instance Four, Sacred, Ubi Soft | 3 Tincat, Sacred, The Settlersheritage Of Kings | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-0834 | 1 Belkin | 1 Belkin 54g Wireless Router | 2008-09-05 | 5.0 MEDIUM | N/A |
| Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-0833 | 1 Belkin | 1 Belkin 54g Wireless Router | 2008-09-05 | 7.5 HIGH | N/A |
| Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication. | |||||
| CVE-2005-0832 | 1 Php-post | 1 Php-post Web Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-0831 | 1 Php-post | 1 Php-post Web Forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters. | |||||
| CVE-2005-0849 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet. | |||||
| CVE-2005-0830 | 1 Xzabite | 1 Dyndnsupdate | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-0813 | 1 Initial Redirect | 1 Initial Redirect Squid Proxy Plug-in | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. | |||||
| CVE-2005-0812 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information. | |||||
| CVE-2005-0811 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 4.6 MEDIUM | N/A |
| The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs. | |||||
| CVE-2005-0810 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL. | |||||
| CVE-2005-0809 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 7.5 HIGH | N/A |
| NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. | |||||
| CVE-2005-0825 | 1 Lgames | 1 Ltris | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file. | |||||
| CVE-2005-0972 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters. | |||||
| CVE-2005-0686 | 1 Mlterm | 1 Mlterm | 2008-09-05 | 7.5 HIGH | N/A |
| Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background. | |||||
| CVE-2005-0923 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2008-09-05 | 2.1 LOW | N/A |
| The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share. | |||||
| CVE-2005-0747 | 1 Applyyourself | 1 I-class | 2008-09-05 | 5.0 MEDIUM | N/A |
| ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. | |||||
| CVE-2005-0745 | 1 Utstarcom | 1 Ian-02ex Voip Ata | 2008-09-05 | 4.6 MEDIUM | N/A |
| UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. | |||||
| CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. | |||||
| CVE-2005-0819 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. | |||||
| CVE-2005-0973 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments. | |||||
| CVE-2005-0908 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php. | |||||
| CVE-2005-0693 | 1 Jowood Productions | 1 Chaser | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname. | |||||
| CVE-2005-0934 | 1 Wackowiki | 1 Wackowiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-0713 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 4.6 MEDIUM | N/A |
| The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges. | |||||
| CVE-2005-0910 | 1 E-xoops | 1 E-xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php. | |||||
| CVE-2005-0703 | 1 Xerox | 18 Workcentre 165, Workcentre 175, Workcentre 2128 and 15 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179. | |||||
| CVE-2005-0987 | 1 Irc Services | 1 Nickserv Listlinks | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick. | |||||
| CVE-2005-0912 | 1 Deplate | 1 Deplate | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb. | |||||
| CVE-2005-0918 | 1 Adobe | 1 Svg Viewer | 2008-09-05 | 5.0 MEDIUM | N/A |
| The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not. | |||||
| CVE-2005-0914 | 1 Cpg-nuke | 1 Cpg Dragonfly Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter. | |||||
| CVE-2005-0687 | 1 Hashcash | 1 Hashcash | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header. | |||||
| CVE-2005-0960 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash). | |||||
| CVE-2005-0682 | 1 Drupal | 1 Drupal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. | |||||
| CVE-2005-0915 | 1 Webmasters-debutants | 1 Wd Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php. | |||||
| CVE-2005-1015 | 1 Mailenable | 1 Imapd | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command. | |||||
| CVE-2005-0991 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. | |||||