Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3762 | 1 Exponent | 1 Exponent | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter. | |||||
| CVE-2005-3684 | 1 Freeftpd | 1 Freeftpd | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands. | |||||
| CVE-2005-3694 | 1 Centericq | 1 Centericq | 2017-07-11 | 7.8 HIGH | N/A |
| centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus. | |||||
| CVE-2005-3706 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 6.4 MEDIUM | N/A |
| Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory. | |||||
| CVE-2005-3690 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands. | |||||
| CVE-2005-3846 | 1 Fscripts | 1 Fantastic News | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2005-3797 | 1 Alstrasoft | 1 Template Seller | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. | |||||
| CVE-2005-3800 | 1 Macromedia | 1 Contribute Publishing Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information. | |||||
| CVE-2005-3705 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2005-3796 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability. | |||||
| CVE-2005-3804 | 1 Cisco | 1 7920 Wireless Ip Phone | 2017-07-11 | 6.4 MEDIUM | N/A |
| Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. | |||||
| CVE-2005-3862 | 1 Unalz | 1 Unalz | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives. | |||||
| CVE-2005-3746 | 1 Apboard | 1 Apboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-3708 | 1 Apple | 1 Quicktime | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | |||||
| CVE-2005-3707 | 1 Apple | 1 Quicktime | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | |||||
| CVE-2005-3803 | 1 Cisco | 1 7920 Wireless Ip Phone | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-3772 | 1 Joomla | 1 Joomla | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. | |||||
| CVE-2005-3798 | 1 Alstrasoft | 1 Template Seller | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2005-3704 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL). | |||||
| CVE-2005-3700 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2005-3683 | 1 Freeftpd | 1 Freeftpd | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command. | |||||
| CVE-2005-3795 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php. | |||||
| CVE-2005-3794 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts. | |||||
| CVE-2005-3568 | 1 Ibm | 1 Db2 Content Manager | 2017-07-11 | 2.1 LOW | N/A |
| db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING." | |||||
| CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | |||||
| CVE-2005-3566 | 1 Symantec Veritas | 4 Cluster Server, Sanpoint Control Quickstart, Storage Foundation and 1 more | 2017-07-11 | 4.3 MEDIUM | N/A |
| Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. | |||||
| CVE-2005-3018 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. | |||||
| CVE-2005-3013 | 1 Suse | 1 Suse Linux | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry. | |||||
| CVE-2005-3197 | 1 Webroot Software | 1 Desktop Firewall | 2017-07-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list. | |||||
| CVE-2005-3198 | 1 Webroot Software | 1 Desktop Firewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands. | |||||
| CVE-2005-3676 | 1 Phpwebthings | 1 Phpwebthings | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter. | |||||
| CVE-2005-3006 | 1 Opera | 1 Opera Browser | 2017-07-11 | 5.0 MEDIUM | N/A |
| The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. | |||||
| CVE-2005-3004 | 1 Interakt | 1 Mx Shop | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_prd parameters to the pages module in index.php. | |||||
| CVE-2005-2988 | 1 Hp | 1 Laserjet 2430 | 2017-07-11 | 5.0 MEDIUM | N/A |
| HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP. | |||||
| CVE-2005-2987 | 1 Digital Scribe | 1 Digital Scribe | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2005-2986 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2017-07-11 | 7.5 HIGH | N/A |
| The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges. | |||||
| CVE-2005-2985 | 1 Aewebworks | 1 Aedating | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter. | |||||
| CVE-2005-2984 | 1 Data Center Resources | 1 Avocent | 2017-07-11 | 4.6 MEDIUM | N/A |
| Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to bypass port restrictions by connecting to the server via SSH and using the connect command to access the serial port. | |||||
| CVE-2005-3469 | 1 News2net | 1 News2net | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2005-3634 | 1 Sap | 1 Sap Web Application Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | |||||
| CVE-2005-3436 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox. | |||||
| CVE-2005-2980 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter. | |||||
| CVE-2005-2979 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter. | |||||
| CVE-2005-3199 | 1 Aspready Faq Manager | 1 Aspready Faq Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters. | |||||
| CVE-2005-3200 | 1 Utopia Software | 1 Utopia News Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php. | |||||
| CVE-2005-2855 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. | |||||
| CVE-2005-2961 | 1 Prozilla | 1 Prozilla Download Accelerator | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. | |||||
| CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2017-07-11 | 2.1 LOW | N/A |
| cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | |||||
| CVE-2005-2848 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | |||||
| CVE-2005-2895 | 1 Pblang | 1 Pblang | 2017-07-11 | 5.0 MEDIUM | N/A |
| setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message. | |||||
