Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3187 | 1 Bluecoat | 1 Winproxy | 2011-03-08 | 5.0 MEDIUM | N/A |
| The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read. | |||||
| CVE-2005-3002 | 1 Xclusive-software | 1 Mccs | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet. | |||||
| CVE-2005-3001 | 1 Sun | 1 Solaris | 2011-03-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | |||||
| CVE-2005-2764 | 1 Openttd | 1 Openttd | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2005-2616 | 1 Ezupload | 1 Ezupload | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php. | |||||
| CVE-2005-2314 | 1 Phpsftpd | 1 Phpsftpd | 2011-03-08 | 7.5 HIGH | N/A |
| inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response. | |||||
| CVE-2005-2603 | 1 My Image Gallery | 1 My Image Gallery | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters. | |||||
| CVE-2005-2627 | 1 Kismet | 1 Kismet | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows. | |||||
| CVE-2005-2342 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Router | 2011-03-08 | 7.8 HIGH | N/A |
| Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets. | |||||
| CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2011-03-08 | 7.2 HIGH | N/A |
| ** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. | |||||
| CVE-2005-2343 | 1 Rim | 3 Blackberry, Blackberry Desktop Manager, Blackberry Device Software | 2011-03-08 | 2.6 LOW | N/A |
| Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed. | |||||
| CVE-2005-2626 | 1 Kismet | 1 Kismet | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID. | |||||
| CVE-2005-2606 | 1 Phlymail | 1 Phlymail | 2011-03-08 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors. | |||||
| CVE-2005-2661 | 1 Up-imapproxy | 1 Up-imapproxy | 2011-03-08 | 7.5 HIGH | N/A |
| Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line. | |||||
| CVE-2005-2604 | 1 My Image Gallery | 1 My Image Gallery | 2011-03-08 | 5.0 MEDIUM | N/A |
| index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message. | |||||
| CVE-2005-2157 | 1 Nabocorp | 1 Nabopoll | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
| CVE-2005-1892 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 6.4 MEDIUM | N/A |
| FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. | |||||
| CVE-2005-2139 | 1 Pavsta | 1 Pavsta Auto Site | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. | |||||
| CVE-2005-1930 | 1 Trend Micro | 1 Serverprotect | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter. | |||||
| CVE-2005-1915 | 1 Log4sh | 1 Log4sh | 2011-03-08 | 2.1 LOW | N/A |
| The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames. | |||||
| CVE-2005-1894 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker. | |||||
| CVE-2005-1895 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. | |||||
| CVE-2005-2176 | 1 Novell | 1 Netmail | 2011-03-08 | 6.4 MEDIUM | N/A |
| Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
| CVE-2005-1896 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | |||||
| CVE-2005-2074 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php. | |||||
| CVE-2005-1893 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. | |||||
| CVE-2005-2075 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0. | |||||
| CVE-2005-2149 | 1 The Cacti Group | 1 Cacti | 2011-03-08 | 10.0 HIGH | N/A |
| config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | |||||
| CVE-2005-2020 | 1 3com | 1 3c15100d | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. | |||||
| CVE-2005-1889 | 1 Sun | 1 Java System Web Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. | |||||
| CVE-2005-1906 | 1 Livingmailing | 1 Livingmailing | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product and its vendor, and the original researcher announcement is no longer available. | |||||
| CVE-2005-2170 | 1 Ibm | 1 Tivoli Management Framework | 2011-03-08 | 5.0 MEDIUM | N/A |
| The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data. | |||||
| CVE-2005-2037 | 1 Fortibus | 1 Fortibus Cms | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page. | |||||
| CVE-2005-1874 | 1 Evan Wagner | 1 Dzip | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive. | |||||
| CVE-2005-2076 | 1 Hp | 1 Version Control Repository Manager | 2011-03-08 | 2.1 LOW | N/A |
| HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen. | |||||
| CVE-2005-1603 | 1 Niteenterprises | 1 Remote File Manager | 2011-03-08 | 5.0 MEDIUM | N/A |
| NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080. | |||||
| CVE-2005-1517 | 1 Cisco | 1 Firewall Services Module | 2011-03-08 | 7.5 HIGH | N/A |
| Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs). | |||||
| CVE-2005-1714 | 1 Netwin | 1 Surgemail | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1807 | 1 Phpmailer | 1 Phpmailer | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. | |||||
| CVE-2005-1646 | 1 Fastream | 1 Netfile Ftp Web Server | 2011-03-08 | 7.5 HIGH | N/A |
| The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service. | |||||
| CVE-2005-1579 | 1 Apple | 1 Quicktime | 2011-03-08 | 5.0 MEDIUM | N/A |
| Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. | |||||
| CVE-2005-1730 | 1 Novell | 1 Imanager | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | |||||
| CVE-2005-1757 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | |||||
| CVE-2005-1756 | 1 Novell | 1 Netmail | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. | |||||
| CVE-2005-1805 | 1 Online Solutions For Educators | 1 Online Solutions For Educators | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1826 | 1 Hp | 1 Radia Client | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension. | |||||
| CVE-2005-1785 | 1 Zongg | 1 Zongg | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1709 | 1 Bluecoat | 1 Reporter | 2011-03-08 | 7.5 HIGH | N/A |
| Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license. | |||||
| CVE-2005-1758 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-1453 | 1 Leafnode | 1 Leafnode | 2011-03-08 | 5.0 MEDIUM | N/A |
| fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers. | |||||