Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3101 | 1 Six Apart | 1 Movable Type | 2008-09-05 | 5.0 MEDIUM | N/A |
| The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | |||||
| CVE-2005-3100 | 1 Astaro | 1 Security Linux | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service. | |||||
| CVE-2005-3144 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2008-09-05 | 5.0 MEDIUM | N/A |
| httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers. | |||||
| CVE-2005-3097 | 1 Avi Alkalay | 1 Contribute.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable. | |||||
| CVE-2005-3016 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. | |||||
| CVE-2005-3143 | 1 4d | 1 Webstar | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2. | |||||
| CVE-2005-3121 | 1 Eduard Bloch | 1 Module-assistant | 2008-09-05 | 2.1 LOW | N/A |
| A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations. | |||||
| CVE-2005-3093 | 1 Nokia | 2 3210, 7610 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. | |||||
| CVE-2005-3091 | 1 Mantis | 1 Mantis | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp". | |||||
| CVE-2005-3087 | 1 Securew2 | 1 Securew2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data. | |||||
| CVE-2005-3086 | 1 Contentserv | 1 Contentserv | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter. | |||||
| CVE-2005-3277 | 1 Hp | 1 Hp-ux | 2008-09-05 | 10.0 HIGH | N/A |
| The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473. | |||||
| CVE-2005-3171 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. | |||||
| CVE-2005-3085 | 1 Riverdark Studios | 1 Rss Syndicator Module | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters. | |||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | |||||
| CVE-2005-3084 | 1 Sony | 1 Playstation Portable | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. | |||||
| CVE-2005-3251 | 1 Gallery Project | 1 Gallery | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. | |||||
| CVE-2005-3081 | 1 Wzdftpd | 1 Wzdftpd | 2008-09-05 | 4.6 MEDIUM | N/A |
| wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command. | |||||
| CVE-2005-3279 | 1 Jan Kybic | 1 Bitmap Viewer | 2008-09-05 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option. | |||||
| CVE-2005-3080 | 1 Geshi | 1 Geshi | 2008-09-05 | 5.0 MEDIUM | N/A |
| contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. | |||||
| CVE-2005-3079 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.6 MEDIUM | N/A |
| PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. | |||||
| CVE-2005-3010 | 1 Cutephp | 1 Cutenews | 2008-09-05 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php. | |||||
| CVE-2005-3012 | 1 Simplecdr-x | 1 Simplecdr-x | 2008-09-05 | 2.1 LOW | N/A |
| The MasterDataCD::createImage function in masterdatacd.cpp for SimpleCDR-X 1.3.3 creates the .temp temporary directory with insecure permissions, which allows local users to read sensitive ISO images. | |||||
| CVE-2005-3015 | 1 Ibm | 2 Lotus Domino, Lotus Domino Enterprise Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. | |||||
| CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | |||||
| CVE-2005-3165 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. | |||||
| CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | |||||
| CVE-2005-3268 | 1 Raphael Bossek | 1 Yiff Server | 2008-09-05 | 2.1 LOW | N/A |
| yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. | |||||
| CVE-2005-2996 | 1 Symantec Veritas | 2 Storage Exec, Storagecentral | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls. | |||||
| CVE-2005-3150 | 1 Weex | 1 Weex | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames. | |||||
| CVE-2005-3115 | 1 Mpeg-tools | 1 Mpeg-tools | 2008-09-05 | 2.1 LOW | N/A |
| mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN]. | |||||
| CVE-2005-3078 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. | |||||
| CVE-2005-3077 | 1 Microsoft | 1 Ie For Macintosh | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI. | |||||
| CVE-2005-3076 | 1 Simplog | 1 Simplog | 2008-09-05 | 7.5 HIGH | N/A |
| Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php. | |||||
| CVE-2005-3147 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information. | |||||
| CVE-2005-3075 | 1 Mpc-donkey | 1 Zengaia | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3074 | 1 Rsyslog | 1 Rsyslogd | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages. | |||||
| CVE-2005-3174 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. | |||||
| CVE-2005-3070 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 3.6 LOW | N/A |
| HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file. | |||||
| CVE-2005-2997 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php. | |||||
| CVE-2005-3069 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 2.1 LOW | N/A |
| xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file. | |||||
| CVE-2005-2935 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940. | |||||
| CVE-2005-2939 | 1 Vmware | 1 Workstation | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | |||||
| CVE-2005-2940 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935. | |||||
| CVE-2005-2944 | 1 Brent Ely | 1 Gnome Workstation Command Center | 2008-09-05 | 4.6 MEDIUM | N/A |
| The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file. | |||||
| CVE-2005-3238 | 1 Sun | 1 Solaris | 2008-09-05 | 2.1 LOW | N/A |
| Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors. | |||||
| CVE-2005-3068 | 1 Eric Integrated Development Environment | 1 Eric Integrated Development Environment | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit." | |||||
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2008-09-05 | 4.3 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). | |||||
| CVE-2005-3000 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters. | |||||
| CVE-2005-3292 | 1 Xeobook | 1 Xeobook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>. | |||||