Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0639 | 3 Altlinux, Suse, Xli | 3 Alt Linux, Suse Linux, Xli | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. | |||||
| CVE-2005-0661 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie. | |||||
| CVE-2005-0675 | 1 Phpoutsourcing | 1 Zorum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. | |||||
| CVE-2005-0662 | 1 Mercuryboard | 1 Mercuryboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field. | |||||
| CVE-2005-0644 | 1 Mcafee | 1 Antivirus Engine | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. | |||||
| CVE-2005-0608 | 1 Webmod | 1 Webmod | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent. | |||||
| CVE-2005-0594 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code. | |||||
| CVE-2005-0627 | 1 Trolltech | 1 Qt | 2008-09-05 | 4.6 MEDIUM | N/A |
| Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. | |||||
| CVE-2005-0544 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0539 | 1 Ibm | 1 Hardware Management Console | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. | |||||
| CVE-2005-0538 | 1 Ginp | 1 Ginp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files. | |||||
| CVE-2005-0612 | 1 Cisco | 7 Ipvc-3510-mcu, Ipvc-3520-gw-2b, Ipvc-3520-gw-2b2v and 4 more | 2008-09-05 | 7.5 HIGH | N/A |
| Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration. | |||||
| CVE-2005-0523 | 1 Prozilla | 1 Prozilla Download Accelerator | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. | |||||
| CVE-2005-0522 | 1 Lionmax Software | 1 Chat Anywhere | 2008-09-05 | 4.6 MEDIUM | N/A |
| Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges. | |||||
| CVE-2005-0521 | 1 Sendlink | 1 Sendlink | 2008-09-05 | 2.1 LOW | N/A |
| SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges. | |||||
| CVE-2005-0518 | 1 Exeem | 1 Exeem | 2008-09-05 | 2.1 LOW | N/A |
| eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values. | |||||
| CVE-2005-0517 | 1 Peerftp 5 | 1 Peerftp 5 | 2008-09-05 | 2.1 LOW | N/A |
| PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges. | |||||
| CVE-2005-0515 | 1 Webroot Software | 1 My Firewall Plus | 2008-09-05 | 2.1 LOW | N/A |
| Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files. | |||||
| CVE-2005-0362 | 1 Awstats | 1 Awstats | 2008-09-05 | 4.6 MEDIUM | N/A |
| awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. | |||||
| CVE-2005-0610 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file. | |||||
| CVE-2005-0514 | 1 Verity | 1 Verity Ultraseek | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. | |||||
| CVE-2005-0512 | 1 Mambo | 1 Mambo | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | |||||
| CVE-2005-0510 | 1 Fallback-reboot | 1 Fallback-reboot | 2008-09-05 | 2.1 LOW | N/A |
| The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty. | |||||
| CVE-2005-0489 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 4.9 MEDIUM | N/A |
| The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an invalid access of free memory. | |||||
| CVE-2005-0387 | 1 Remstats | 1 Remstats | 2008-09-05 | 2.1 LOW | N/A |
| remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0363 | 1 Awstats | 1 Awstats | 2008-09-05 | 7.5 HIGH | N/A |
| awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | |||||
| CVE-2005-0484 | 1 Gproftpd | 1 Gproftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log. | |||||
| CVE-2005-0388 | 1 Remstats | 1 Remstats | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising." | |||||
| CVE-2005-0596 | 1 Php | 1 Php | 2008-09-05 | 2.1 LOW | N/A |
| PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. | |||||
| CVE-2005-0465 | 1 Sgi | 1 Irix | 2008-09-05 | 2.1 LOW | N/A |
| gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option. | |||||
| CVE-2005-0464 | 1 Sgi | 1 Irix | 2008-09-05 | 2.1 LOW | N/A |
| gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error. | |||||
| CVE-2005-0463 | 1 Inl | 1 Ulog-php | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php. | |||||
| CVE-2005-0462 | 1 Mercuryboard | 1 Mercuryboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter. | |||||
| CVE-2005-0574 | 1 Cupidsystems | 1 Cis Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL. | |||||
| CVE-2005-0461 | 1 Leonard Richardson | 1 Newsbruiser | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote attackers to "take actions on comments." | |||||
| CVE-2005-0460 | 1 Mercuryboard | 1 Mercuryboard | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter. | |||||
| CVE-2005-0459 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0576 | 1 Sun | 1 Solaris | 2008-09-05 | 3.6 LOW | N/A |
| Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. | |||||
| CVE-2005-0577 | 1 Dna | 1 Mkbold-mkitalic | 2008-09-05 | 5.1 MEDIUM | N/A |
| Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files. | |||||
| CVE-2005-0620 | 1 Bfriendly.com | 1 Einstein | 2008-09-05 | 2.1 LOW | N/A |
| Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information. | |||||
| CVE-2005-0649 | 1 Pixel-apes Group | 1 Safehtml | 2008-09-05 | 4.3 MEDIUM | N/A |
| Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." | |||||
| CVE-2005-0579 | 1 Freenx | 1 Freenx | 2008-09-05 | 4.6 MEDIUM | N/A |
| nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication. | |||||
| CVE-2005-0618 | 2 Nexland, Symantec | 4 Pro800turbo, Firewall Vpn Appliance 200r, Gateway Security 360 and 1 more | 2008-09-05 | 6.4 MEDIUM | N/A |
| The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network. | |||||
| CVE-2005-0580 | 1 Krzysztof Dabrowski | 1 Cmd5checkpw | 2008-09-05 | 2.1 LOW | N/A |
| cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. | |||||
| CVE-2005-0648 | 1 Pixel-apes Group | 1 Safehtml | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol." | |||||
| CVE-2005-0404 | 2 Kde, Kmail | 2 Kde, Kmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. | |||||
| CVE-2005-0453 | 1 Lighttpd | 1 Lighttpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension. | |||||
| CVE-2005-0451 | 1 Sami | 1 Sami Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of service via an HTTP request containing two CRLF sequences, which triggers a NULL dereference. | |||||
| CVE-2005-0450 | 1 Sami | 1 Sami Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. (dot dot) or (2) "%2e%2e" (encoded dot dot) sequences. | |||||
| CVE-2005-0393 | 1 Crip | 1 Crip | 2008-09-05 | 7.2 HIGH | N/A |
| The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors. | |||||