Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2255 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php. | |||||
| CVE-2005-2253 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description. | |||||
| CVE-2005-2252 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. | |||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||||
| CVE-2005-2249 | 1 Jinzora | 1 Jinzora | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. | |||||
| CVE-2005-2248 | 1 Sven-ove Bjerkan | 1 Downloadprotect | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder. | |||||
| CVE-2005-2512 | 1 Apple | 2 Mac Os X, Mail | 2008-09-05 | 2.1 LOW | N/A |
| Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. | |||||
| CVE-2005-2243 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. | |||||
| CVE-2005-2242 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). | |||||
| CVE-2005-2241 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | |||||
| CVE-2005-2240 | 1 Xpvm | 1 Xpvm | 2008-09-05 | 2.1 LOW | N/A |
| xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. | |||||
| CVE-2005-2239 | 1 Oftpd | 1 Oftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters. | |||||
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2236 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. | |||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2234 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2238 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. | |||||
| CVE-2005-2233 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. | |||||
| CVE-2005-2232 | 1 Ibm | 1 Aix | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-2231 | 1 High Availability Linux Project | 1 Heartbeat | 2008-09-05 | 2.1 LOW | N/A |
| High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-2230 | 1 Elmo | 1 Elmo | 2008-09-05 | 2.1 LOW | N/A |
| Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files. | |||||
| CVE-2005-2228 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2008-09-05 | 5.0 MEDIUM | N/A |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. | |||||
| CVE-2005-2226 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2005-2223 | 1 Mailenable | 2 Mailenable Professional, Mailenable Standard | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. | |||||
| CVE-2005-2219 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 4.6 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. | |||||
| CVE-2005-2217 | 1 Craig Dansie | 1 Dansie Shopping Cart | 2008-09-05 | 5.0 MEDIUM | N/A |
| Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. | |||||
| CVE-2005-2216 | 1 Photogal | 1 Photogal Photo Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. | |||||
| CVE-2005-2215 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888. | |||||
| CVE-2005-2214 | 1 Debian | 1 Apt-setup | 2008-09-05 | 4.6 MEDIUM | N/A |
| apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. | |||||
| CVE-2005-2212 | 1 Sukria | 1 Backup Manager | 2008-09-05 | 6.4 MEDIUM | N/A |
| Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository. | |||||
| CVE-2005-2211 | 1 Sukria | 1 Backup Manager | 2008-09-05 | 4.6 MEDIUM | N/A |
| Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR. | |||||
| CVE-2005-2210 | 1 Tonec Inc. | 1 Internet Download Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2008-09-05 | 1.9 LOW | N/A |
| Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | |||||
| CVE-2005-2208 | 1 Privashare | 1 Privashare | 2008-09-05 | 5.0 MEDIUM | N/A |
| PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
| CVE-2005-2207 | 1 Elemental Software | 1 Cartwiz | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2005-2206 | 1 Elemental Software | 1 Cartwiz | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp. | |||||
| CVE-2005-2205 | 1 Pngren | 1 Pngren | 2008-09-05 | 7.5 HIGH | N/A |
| The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | |||||
| CVE-2005-2203 | 1 Phpwishlist | 1 Phpwishlist | 2008-09-05 | 7.5 HIGH | N/A |
| login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. | |||||
| CVE-2005-2202 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2201 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2008-09-05 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests. | |||||
| CVE-2005-2200 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. | |||||
| CVE-2005-2199 | 1 Skrypty | 1 Ppa Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable. | |||||
| CVE-2005-2198 | 1 Spid | 1 Spid | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. | |||||
| CVE-2005-2196 | 1 Apple | 1 Airport Card | 2008-09-05 | 2.1 LOW | N/A |
| The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network. | |||||
| CVE-2005-2175 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
| CVE-2005-2174 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 2.6 LOW | N/A |
| Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. | |||||
| CVE-2005-2173 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | |||||
| CVE-2005-2169 | 1 Kaf Oseo | 1 Quick And Dirty Phpsource Printer | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences. | |||||
| CVE-2005-2168 | 1 Frozenplague.net | 1 Plague News System | 2008-09-05 | 5.0 MEDIUM | N/A |
| delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter. | |||||
| CVE-2005-2167 | 1 Frozenplague.net | 1 Plague News System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter. | |||||