Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0301 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 7.5 HIGH | N/A |
| comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | |||||
| CVE-2005-0302 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | |||||
| CVE-2005-0304 | 1 Divx | 1 Divx Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. | |||||
| CVE-2005-0305 | 1 Siteman | 1 Siteman | 2017-07-11 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation. | |||||
| CVE-2005-0307 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. | |||||
| CVE-2005-0306 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message. | |||||
| CVE-2005-0043 | 1 Apple | 1 Itunes | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. | |||||
| CVE-2005-0478 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script. | |||||
| CVE-2005-0479 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" (slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter. | |||||
| CVE-2005-0308 | 1 Ursoftware | 1 W32dasm | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. | |||||
| CVE-2005-0480 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file. | |||||
| CVE-2005-0309 | 1 Exponent | 1 Exponent | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter. | |||||
| CVE-2005-0310 | 1 Exponent | 1 Exponent | 2017-07-11 | 5.0 MEDIUM | N/A |
| Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined. | |||||
| CVE-2005-0034 | 1 Isc | 1 Bind | 2017-07-11 | 4.3 MEDIUM | N/A |
| An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | |||||
| CVE-2005-0033 | 1 Isc | 1 Bind | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. | |||||
| CVE-2005-0023 | 1 Gnome | 2 Libvte4, Libzvt2 | 2017-07-11 | 2.1 LOW | N/A |
| gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed. | |||||
| CVE-2005-0481 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script. | |||||
| CVE-2005-0020 | 2 Mandrakesoft, Playmidi | 3 Mandrake Linux, Mandrake Linux Corporate Server, Playmidi | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. | |||||
| CVE-2005-0019 | 1 Yongguang Zhang | 1 Hztty | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. | |||||
| CVE-2005-0311 | 1 Ingate | 1 Ingate Firewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | |||||
| CVE-2005-0312 | 1 War Ftp Daemon | 1 War Ftp Daemon | 2017-07-11 | 2.1 LOW | N/A |
| WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability. | |||||
| CVE-2005-0313 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE. | |||||
| CVE-2005-0016 | 1 Gatos | 1 Gatos | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code. | |||||
| CVE-2005-0015 | 1 Crosswire Bible Society | 1 Sword | 2017-07-11 | 7.5 HIGH | N/A |
| diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2005-0482 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data. | |||||
| CVE-2005-0314 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields. | |||||
| CVE-2005-0315 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. | |||||
| CVE-2005-0483 | 1 Glftpd | 1 Glftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command. | |||||
| CVE-2005-0486 | 1 Tarantella | 2 Secure Global Desktop, Tarantella Enterprise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme. | |||||
| CVE-2005-0487 | 1 Kayako | 1 Esupport | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. | |||||
| CVE-2005-0316 | 1 Webwasher | 1 Webwasher Classic | 2017-07-11 | 7.5 HIGH | N/A |
| WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-0491 | 1 Knox Software | 1 Arkeia Server Backup | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request. | |||||
| CVE-2005-0317 | 1 Alt-n | 1 Webadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2005-0012 | 1 Dillo | 1 Dillo Web Browser | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page. | |||||
| CVE-2005-0494 | 1 Thomson | 1 Thomson Cable Modem | 2017-07-11 | 7.5 HIGH | N/A |
| The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request. | |||||
| CVE-2005-0495 | 1 Zeroboard | 1 Zeroboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. | |||||
| CVE-2005-0236 | 1 Omnigroup | 1 Omniweb | 2017-07-11 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2005-0234 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2005-0496 | 1 Knox Software | 1 Arkeia | 2017-07-11 | 7.5 HIGH | N/A |
| Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||||
| CVE-2005-0497 | 1 Adp | 1 Elite System Max 9000 | 2017-07-11 | 7.2 HIGH | N/A |
| ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory. | |||||
| CVE-2005-0498 | 1 Gigafast Ethernet | 1 Gigafast Router | 2017-07-11 | 7.5 HIGH | N/A |
| Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext. | |||||
| CVE-2005-0319 | 1 Alt-n | 1 Webadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks. | |||||
| CVE-2005-0499 | 1 Gigafast Ethernet | 1 Gigafast Router | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries. | |||||
| CVE-2005-0502 | 1 Xinkaa Web Station | 1 Xinkaa Web Station | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request. | |||||
| CVE-2005-0320 | 1 Icewarp | 1 Web Mail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html. | |||||
| CVE-2005-0321 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 2.1 LOW | N/A |
| MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path. | |||||
| CVE-2005-0322 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 7.2 HIGH | N/A |
| MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 use weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords. | |||||
| CVE-2005-0323 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2005-0324 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message. | |||||
| CVE-2005-0325 | 1 Techland | 1 Xpand Rally | 2017-07-11 | 5.0 MEDIUM | N/A |
| Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations. | |||||
