Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0362 | 1 Awstats | 1 Awstats | 2008-09-05 | 4.6 MEDIUM | N/A |
| awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. | |||||
| CVE-2005-0363 | 1 Awstats | 1 Awstats | 2008-09-05 | 7.5 HIGH | N/A |
| awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | |||||
| CVE-2005-0666 | 1 The Pax Team | 1 Pax Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | |||||
| CVE-2005-0636 | 1 Foxmail | 1 Foxmail Email Server | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command. | |||||
| CVE-2005-0635 | 1 Foxmail | 1 Foxmail Email Server | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2005-0667 | 5 Altlinux, Gentoo, Redhat and 2 more | 7 Alt Linux, Linux, Enterprise Linux and 4 more | 2008-09-05 | 5.1 MEDIUM | N/A |
| Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. | |||||
| CVE-2005-0437 | 1 Awstats | 1 Awstats | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter. | |||||
| CVE-2005-0668 | 1 Christian Hilgers | 1 Http Anti Virus Proxy (havp) | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files. | |||||
| CVE-2005-0671 | 1 Ca3de | 1 Ca3de | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command. | |||||
| CVE-2005-0672 | 1 Ca3de | 1 Ca3de | 2008-09-05 | 7.5 HIGH | N/A |
| Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. | |||||
| CVE-2005-0627 | 1 Trolltech | 1 Qt | 2008-09-05 | 4.6 MEDIUM | N/A |
| Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. | |||||
| CVE-2005-0675 | 1 Phpoutsourcing | 1 Zorum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. | |||||
| CVE-2005-0522 | 1 Lionmax Software | 1 Chat Anywhere | 2008-09-05 | 4.6 MEDIUM | N/A |
| Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges. | |||||
| CVE-2005-0517 | 1 Peerftp 5 | 1 Peerftp 5 | 2008-09-05 | 2.1 LOW | N/A |
| PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges. | |||||
| CVE-2005-0387 | 1 Remstats | 1 Remstats | 2008-09-05 | 2.1 LOW | N/A |
| remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0512 | 1 Mambo | 1 Mambo | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | |||||
| CVE-2005-0539 | 1 Ibm | 1 Hardware Management Console | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. | |||||
| CVE-2005-0538 | 1 Ginp | 1 Ginp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files. | |||||
| CVE-2005-0388 | 1 Remstats | 1 Remstats | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising." | |||||
| CVE-2005-0390 | 1 Axel | 1 Axel | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-0544 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0574 | 1 Cupidsystems | 1 Cis Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL. | |||||
| CVE-2005-0393 | 1 Crip | 1 Crip | 2008-09-05 | 7.2 HIGH | N/A |
| The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors. | |||||
| CVE-2005-0404 | 2 Kde, Kmail | 2 Kde, Kmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. | |||||
| CVE-2005-0673 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. | |||||
| CVE-2005-0510 | 1 Fallback-reboot | 1 Fallback-reboot | 2008-09-05 | 2.1 LOW | N/A |
| The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty. | |||||
| CVE-2005-0644 | 1 Mcafee | 1 Antivirus Engine | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. | |||||
| CVE-2005-0665 | 1 John Bradley | 1 Xv | 2008-09-05 | 5.1 MEDIUM | N/A |
| Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. | |||||
| CVE-2005-0639 | 3 Altlinux, Suse, Xli | 3 Alt Linux, Suse Linux, Xli | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. | |||||
| CVE-2005-0514 | 1 Verity | 1 Verity Ultraseek | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. | |||||
| CVE-2005-0523 | 1 Prozilla | 1 Prozilla Download Accelerator | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. | |||||
| CVE-2005-0386 | 1 Mailreader.com | 1 Mailreader.com | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages. | |||||
| CVE-2005-0515 | 1 Webroot Software | 1 My Firewall Plus | 2008-09-05 | 2.1 LOW | N/A |
| Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files. | |||||
| CVE-2005-0360 | 1 Microsoft | 1 Log Sink Class Activex Control | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files. | |||||
| CVE-2005-0521 | 1 Sendlink | 1 Sendlink | 2008-09-05 | 2.1 LOW | N/A |
| SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges. | |||||
| CVE-2005-0677 | 1 Phpoutsourcing | 1 Zorum | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. | |||||
| CVE-2005-0432 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. | |||||
| CVE-2005-0576 | 1 Sun | 1 Solaris | 2008-09-05 | 3.6 LOW | N/A |
| Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. | |||||
| CVE-2005-0577 | 1 Dna | 1 Mkbold-mkitalic | 2008-09-05 | 5.1 MEDIUM | N/A |
| Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files. | |||||
| CVE-2005-0579 | 1 Freenx | 1 Freenx | 2008-09-05 | 4.6 MEDIUM | N/A |
| nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication. | |||||
| CVE-2005-0444 | 1 Vmware | 1 Workstation | 2008-09-05 | 4.6 MEDIUM | N/A |
| VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | |||||
| CVE-2005-0484 | 1 Gproftpd | 1 Gproftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log. | |||||
| CVE-2005-0489 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 4.9 MEDIUM | N/A |
| The /proc handling (proc/base.c) in Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an invalid access of free memory. | |||||
| CVE-2005-0653 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 4.6 MEDIUM | N/A |
| phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | |||||
| CVE-2005-0580 | 1 Krzysztof Dabrowski | 1 Cmd5checkpw | 2008-09-05 | 2.1 LOW | N/A |
| cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. | |||||
| CVE-2005-0596 | 1 Php | 1 Php | 2008-09-05 | 2.1 LOW | N/A |
| PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. | |||||
| CVE-2005-0618 | 2 Nexland, Symantec | 4 Pro800turbo, Firewall Vpn Appliance 200r, Gateway Security 360 and 1 more | 2008-09-05 | 6.4 MEDIUM | N/A |
| The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before build 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network. | |||||
| CVE-2005-0613 | 1 Fckeditor | 1 Fckeditor | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files. | |||||
| CVE-2005-0676 | 1 Phpoutsourcing | 1 Zorum | 2008-09-05 | 7.5 HIGH | N/A |
| index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability. | |||||
| CVE-2005-0518 | 1 Exeem | 1 Exeem | 2008-09-05 | 2.1 LOW | N/A |
| eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values. | |||||
