Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2166 | 1 Frozenplague.net | 1 Plague News System | 2008-09-05 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2005-2165 | 1 Globalnotescript | 1 Globalnotescript | 2008-09-05 | 7.5 HIGH | N/A |
| read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters. | |||||
| CVE-2005-2154 | 1 Osticket | 1 Osticket Sts | 2008-09-05 | 7.5 HIGH | N/A |
| PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. | |||||
| CVE-2005-2153 | 1 Osticket | 1 Osticket Sts | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. | |||||
| CVE-2005-2152 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article. | |||||
| CVE-2005-2151 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. | |||||
| CVE-2005-2147 | 1 Edgewall Software | 1 Trac | 2008-09-05 | 6.4 MEDIUM | N/A |
| Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts. | |||||
| CVE-2005-2146 | 1 Ssh | 1 Tectia Server | 2008-09-05 | 4.6 MEDIUM | N/A |
| SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server. | |||||
| CVE-2005-2144 | 1 Prevx | 1 Prevx Pro 2005 | 2008-09-05 | 2.1 LOW | N/A |
| Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file. | |||||
| CVE-2005-2143 | 1 Microsoft | 1 Frontpage | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | |||||
| CVE-2005-2511 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. | |||||
| CVE-2005-1888 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. | |||||
| CVE-2005-1975 | 1 Annuaire | 1 1two | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php. | |||||
| CVE-2005-1886 | 1 Yapig | 1 Yapig | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. | |||||
| CVE-2005-1885 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | |||||
| CVE-2005-1848 | 1 Phystech | 1 Dhcpcd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read. | |||||
| CVE-2005-1815 | 1 Hummingbird | 1 Connectivity | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount of data to LPD (Lpdw.exe). | |||||
| CVE-2005-1847 | 1 Yamt | 1 Yamt | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options. | |||||
| CVE-2005-1884 | 1 Yapig | 1 Yapig | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2005-1853 | 1 University Of Minnesota | 1 Gopher | 2008-09-05 | 7.2 HIGH | N/A |
| gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | |||||
| CVE-2005-1909 | 1 Software602 | 1 602lan Suite | 2008-09-05 | 4.3 MEDIUM | N/A |
| The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2005-1917 | 1 Kpopper | 1 Kpopper | 2008-09-05 | 2.1 LOW | N/A |
| kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file. | |||||
| CVE-2005-2073 | 1 Ibm | 1 Db2 | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | |||||
| CVE-2005-2031 | 1 Socialmpn | 1 Socialmpn | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php. | |||||
| CVE-2005-1883 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter. | |||||
| CVE-2005-1877 | 1 Lpanel | 1 Lpanel | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter. | |||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2008-09-05 | 7.5 HIGH | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | |||||
| CVE-2005-2078 | 1 Sofotex | 1 Bisonftp | 2008-09-05 | 2.1 LOW | N/A |
| BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument. | |||||
| CVE-2005-2079 | 1 Symantec Veritas | 1 Backup Exec | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1882 | 1 Yapig | 1 Yapig | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter. | |||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2008-09-05 | 7.5 HIGH | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | |||||
| CVE-2005-1880 | 1 Everybuddy | 1 Everybuddy | 2008-09-05 | 2.1 LOW | N/A |
| everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | |||||
| CVE-2005-1846 | 1 Yamt | 1 Yamt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options. | |||||
| CVE-2005-1879 | 1 Tomasz Lutelmowski | 1 Lutelwall | 2008-09-05 | 2.1 LOW | N/A |
| LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | |||||
| CVE-2005-2101 | 1 Kde | 1 Kde | 2008-09-05 | 5.0 MEDIUM | N/A |
| langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. | |||||
| CVE-2005-1878 | 1 Giptables | 1 Giptables Firewall | 2008-09-05 | 1.2 LOW | N/A |
| GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file. | |||||
| CVE-2005-1843 | 1 Adobe | 1 Version Cue | 2008-09-05 | 4.6 MEDIUM | N/A |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument. | |||||
| CVE-2005-1922 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 5.0 MEDIUM | N/A |
| The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function. | |||||
| CVE-2005-1842 | 1 Adobe | 1 Version Cue | 2008-09-05 | 2.1 LOW | N/A |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2005-1869 | 1 Appindex | 1 Mwchat | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter. | |||||
| CVE-2005-1866 | 1 Vincent Hor | 1 Calendarix Advanced | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter. | |||||
| CVE-2005-1923 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 2.6 LOW | N/A |
| The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. | |||||
| CVE-2005-1859 | 1 Sgi | 1 Propack | 2008-09-05 | 7.2 HIGH | N/A |
| Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array. | |||||
| CVE-2005-1779 | 1 Maxwebportal | 1 Maxwebportal | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter. | |||||
| CVE-2005-1780 | 1 Dotnetindex | 1 Active News Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1781 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2005-1786 | 1 Funkyasp | 1 Funkyasp Ad System | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter. | |||||
| CVE-2005-1941 | 1 Silvercity | 1 Silvercity | 2008-09-05 | 3.7 LOW | N/A |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | |||||
| CVE-2005-1959 | 1 Jammail | 1 Jammail | 2008-09-05 | 7.5 HIGH | N/A |
| jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter. | |||||
| CVE-2005-1788 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. | |||||