Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3215 | 1 Mcafee | 1 Antivirus Engine | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of McAfee Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3216 | 1 Sophos | 1 Sophos Anti-virus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3226 | 1 Arcavir | 1 Arcavir Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of ArcaVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3135 | 1 Virtools | 1 Web Player | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename. | |||||
| CVE-2005-3219 | 1 Avira | 1 Antivir Personal | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3227 | 1 Una | 1 Una Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of UNA Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3220 | 1 Norman | 1 Virus Control Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3140 | 1 Procom Technology | 1 Netforce | 2016-10-18 | 5.0 MEDIUM | N/A |
| Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | |||||
| CVE-2005-3141 | 1 Cerulean Studios | 1 Trillian | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. | |||||
| CVE-2005-3213 | 1 Frisk Software | 1 F-prot Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3228 | 1 Ikarus | 1 Ikarus Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Ikarus AntiVirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3221 | 1 Fortinet | 1 Fortinet Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Fortinet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3229 | 1 Clam Anti-virus | 1 Clamav | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3210 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3182 | 1 Gfi | 1 Mailsecurity | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well. | |||||
| CVE-2005-3153 | 1 Mywebland | 1 Mybloggie | 2016-10-18 | 7.5 HIGH | N/A |
| login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability. | |||||
| CVE-2005-3212 | 1 Eset Software | 1 Nod32 Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3211 | 1 Softwin | 1 Bitdefender Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3217 | 1 Symantec | 1 Antivirus Scan Engine | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3156 | 1 Easyguppy | 1 Easyguppy | 2016-10-18 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal. | |||||
| CVE-2005-3157 | 1 Php Fusion | 1 Php Fusion | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159. | |||||
| CVE-2005-3158 | 1 Php Fusion | 1 Php Fusion | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159. | |||||
| CVE-2005-3159 | 1 Php Fusion | 1 Php Fusion | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158. | |||||
| CVE-2005-3222 | 1 Vba32 | 1 Vba32 Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3223 | 1 Rising | 1 Rising Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3224 | 1 Avira | 1 Antivir Personal | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3196 | 1 Planet Technology Corp | 1 Fgsw2402rs | 2016-10-18 | 4.6 MEDIUM | N/A |
| Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges. | |||||
| CVE-2005-3218 | 1 Dr.web | 1 Dr.web Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3063 | 1 Unu Networks | 1 Mailgust | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MailGust 1.9 allows remote attackers to execute arbitrary SQL commands via the email field on the password reminder page. | |||||
| CVE-2005-3083 | 1 Cmsmadesimple | 1 Cms Made Simple | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-3024 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php. | |||||
| CVE-2005-3045 | 1 My Little Homepage | 1 My Little Forum | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in My Little Forum 1.5 and 1.6 beta allows remote attackers to execute arbitrary SQL commands via the phrase field. | |||||
| CVE-2005-3022 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. | |||||
| CVE-2005-3130 | 1 Lucidcms | 1 Lucidcms | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field. | |||||
| CVE-2005-3131 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to (2) calendar_d.html, (3) calendar_m.html, or (4) calendar_w.html. | |||||
| CVE-2005-3005 | 1 Helpdesk Software | 1 Hesk | 2016-10-18 | 7.5 HIGH | N/A |
| Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie. | |||||
| CVE-2005-3132 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message. | |||||
| CVE-2005-2992 | 1 Arc | 1 Arc | 2016-10-18 | 2.1 LOW | N/A |
| arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945. | |||||
| CVE-2005-3052 | 1 Jportal | 1 Jportal Web Portal | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php. | |||||
| CVE-2005-3050 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-18 | 5.0 MEDIUM | N/A |
| PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message. | |||||
| CVE-2005-3048 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file. | |||||
| CVE-2005-3061 | 1 Powerarchiver | 4 Powerarchiver 2002, Powerarchiver 2003, Powerarchiver 2004 and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive. | |||||
| CVE-2005-3133 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html. | |||||
| CVE-2005-3029 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2016-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filname in an ACE archive. | |||||
| CVE-2005-2991 | 1 Ncompress | 1 Ncompress | 2016-10-18 | 2.1 LOW | N/A |
| ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970. | |||||
| CVE-2005-3023 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php. | |||||
| CVE-2005-3030 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive. | |||||
| CVE-2005-3092 | 1 Image-line Software | 1 Fl Studio | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file. | |||||
| CVE-2005-3113 | 1 Nateon | 1 Nateon Messenger | 2016-10-18 | 7.5 HIGH | N/A |
| The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method. | |||||
| CVE-2005-3114 | 1 Nateon | 1 Nateon Messenger | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long third argument to the GotNate.Excute method. | |||||