Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1526 | 1 The Cacti Group | 1 Cacti | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter. | |||||
| CVE-2005-1528 | 1 Qnx | 1 Rtos | 2017-07-11 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library. | |||||
| CVE-2005-1530 | 1 Sophos | 5 Sophos Anti-virus, Sophos Mailmonitor, Sophos Mailmonitor For Notes Domino and 2 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value. | |||||
| CVE-2005-1551 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-11 | 5.1 MEDIUM | N/A |
| Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot. | |||||
| CVE-2005-1552 | 1 Geovision | 1 Digital Surveillance System | 2017-07-11 | 5.0 MEDIUM | N/A |
| GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image. | |||||
| CVE-2005-1553 | 1 Geovision | 1 Digital Surveillance System | 2017-07-11 | 7.5 HIGH | N/A |
| GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing. | |||||
| CVE-2005-1554 | 1 Wowbb | 1 Wowbb Web Forum | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter. | |||||
| CVE-2005-1555 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. | |||||
| CVE-2005-1556 | 1 Gamespy | 1 Gamespy Sdk Cd-key Validation Toolkit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session. | |||||
| CVE-2005-1557 | 1 Pixysoft | 1 Guestbook Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message. | |||||
| CVE-2005-1558 | 1 Neteyes | 1 Nexusway | 2017-07-11 | 7.5 HIGH | N/A |
| The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie. | |||||
| CVE-2005-1559 | 1 Neteyes | 1 Nexusway | 2017-07-11 | 10.0 HIGH | N/A |
| The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi. | |||||
| CVE-2005-1560 | 1 Neteyes | 1 Nexusway | 2017-07-11 | 10.0 HIGH | N/A |
| The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute. | |||||
| CVE-2005-1561 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter. | |||||
| CVE-2005-1562 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp. | |||||
| CVE-2005-1564 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 7.5 HIGH | N/A |
| post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product. | |||||
| CVE-2005-1596 | 1 Fusion | 1 Sbx | 2017-07-11 | 10.0 HIGH | N/A |
| index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter. | |||||
| CVE-2005-1597 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. | |||||
| CVE-2005-1599 | 1 Kryloff Technologies | 1 Subject Search Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field. | |||||
| CVE-2005-1600 | 1 Libtomcrypt | 1 Libtomcrypt | 2017-07-11 | 7.5 HIGH | N/A |
| A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key. | |||||
| CVE-2005-1601 | 1 Mro Software | 1 Maximo Self Service | 2017-07-11 | 5.0 MEDIUM | N/A |
| MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties. | |||||
| CVE-2005-1602 | 1 Net56 | 1 File Manager | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | |||||
| CVE-2005-1606 | 1 Positive Software | 1 H-sphere Winbox | 2017-07-11 | 4.6 MEDIUM | N/A |
| H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges. | |||||
| CVE-2005-1608 | 1 Spidean | 2 At-lite, Autotheme | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact. | |||||
| CVE-2005-1609 | 1 Sun | 1 Storedge 6130 Arrays | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data. | |||||
| CVE-2005-1610 | 1 Tru-zone | 1 Nukeet | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter. | |||||
| CVE-2005-1611 | 1 Web Crossing Inc | 1 Web Crossing | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script. | |||||
| CVE-2005-1627 | 1 Viewglob | 1 Viewglob | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact. | |||||
| CVE-2005-1631 | 1 Booby | 1 Booby | 2017-07-11 | 5.0 MEDIUM | N/A |
| booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs. | |||||
| CVE-2005-1643 | 1 Jorg Ruppel | 1 Zoidcom | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read. | |||||
| CVE-2005-1644 | 1 1two | 1 Livre D Or | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters. | |||||
| CVE-2005-1645 | 1 Keyvan1 | 1 Imagegallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-1660 | 1 Htmljunction | 1 Ezguestbook | 2017-07-11 | 7.5 HIGH | N/A |
| HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password. | |||||
| CVE-2005-1662 | 1 Jeuce | 1 Jeuce Personal Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2005-1663 | 1 Jeuce | 1 Jeuce Personal Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://". | |||||
| CVE-2005-1665 | 1 Microsoft | 1 Asp.net | 2017-07-11 | 5.0 MEDIUM | N/A |
| The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup. | |||||
| CVE-2005-1666 | 1 Orenosv | 1 Orenosv Http Ftp Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe. | |||||
| CVE-2005-1726 | 1 Apple | 1 Mac Os X | 2017-07-11 | 4.6 MEDIUM | N/A |
| The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions." | |||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | |||||
| CVE-2005-1936 | 1 Xerox | 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access." | |||||
| CVE-2005-1764 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 2.1 LOW | N/A |
| Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service. | |||||
| CVE-2005-1822 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. | |||||
| CVE-2005-1823 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. | |||||
| CVE-2005-1854 | 1 Debian | 1 Apt-cacher | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server. | |||||
| CVE-2005-1857 | 1 Simpleproxy | 1 Simpleproxy | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply. | |||||
| CVE-2005-1867 | 1 Symantec | 1 Brightmail Antispam | 2017-07-11 | 7.5 HIGH | N/A |
| Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges. | |||||
| CVE-2005-1868 | 1 I-man | 1 I-man | 2017-07-11 | 7.5 HIGH | N/A |
| I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. | |||||
| CVE-2005-1887 | 1 Sun | 1 Solaris | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges. | |||||
| CVE-2005-1900 | 1 Sawmill | 1 Sawmill | 2017-07-11 | 7.5 HIGH | N/A |
| Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license. | |||||
| CVE-2005-1901 | 1 Sawmill | 1 Sawmill | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page. | |||||