Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1800 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php. | |||||
| CVE-2005-1801 | 1 Nokia | 1 9500 | 2008-09-10 | 2.6 LOW | N/A |
| The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it. | |||||
| CVE-2005-1873 | 1 Crob | 1 Crob Ftp | 2008-09-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string. | |||||
| CVE-2005-1912 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1841. Reason: This candidate is a duplicate of CVE-2005-1841. Notes: this duplicate occurred as a result of separate assignments by multiple CNAs, one to the researcher and one to the vendor. All CVE users should reference CVE-2005-1841 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1919 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2005-1938 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1958 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1855. Reason: This candidate is a duplicate of CVE-2005-1855. Notes: All CVE users should reference CVE-2005-1855 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 3.6 LOW | N/A |
| Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. | |||||
| CVE-2005-1545 | 1 Ht Editor | 1 Ht Editor | 2008-09-10 | 5.1 MEDIUM | N/A |
| Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-1546 | 1 Ht Editor | 1 Ht Editor | 2008-09-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file. | |||||
| CVE-2005-1630 | 1 Opentools | 1 Attachment Mod | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors. | |||||
| CVE-2005-1690 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1271 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1343. Reason: This candidate is a reservation duplicate of CVE-2005-1343. Notes: All CVE users should reference CVE-2005-1343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1277 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1766. Reason: This candidate is a duplicate of CVE-2005-1766. Notes: This duplicate occurred due to insufficient coordination across three separate parties. All CVE users should reference CVE-2005-1766 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1316 | 1 Horde | 1 Accounts | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1334 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1579. Reason: This candidate is a duplicate of CVE-2005-1579. Notes: All CVE users should reference CVE-2005-1579 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1344 | 1 Apache | 1 Http Server | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
| CVE-2005-1389 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0175. Reason: This candidate is a duplicate of CVE-2005-0175. Notes: All CVE users should reference CVE-2005-0175 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-1390 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0174. Reason: This candidate is a duplicate of CVE-2005-0174. Notes: All CVE users should reference CVE-2005-0174 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0840 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0706. Reason: This candidate is a duplicate of CVE-2005-0706. Notes: All CVE users should reference CVE-2005-0706 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0926 | 1 Sylpheed | 1 Sylpheed | 2008-09-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. | |||||
| CVE-2005-0940 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0490. Reason: This candidate was inadvertently referenced in a vendor advisory due to a typo. Notes: All CVE users should reference CVE-2005-0490 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0951 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users should not reference this candidate at all. | |||||
| CVE-2005-1032 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilites reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED. | |||||
| CVE-2005-1044 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0941. Reason: This candidate is a duplicate of CVE-2005-0941. Notes: All CVE users should reference CVE-2005-0941 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0503 | 2 Mandrakesoft, Uim | 2 Mandrake Linux, Uim | 2008-09-10 | 4.6 MEDIUM | N/A |
| uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. | |||||
| CVE-2005-0508 | 1 Apache | 1 Batik | 2008-09-10 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." | |||||
| CVE-2005-0528 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0985. Reason: This candidate is a duplicate of CVE-2003-0985. Notes: All CVE users should reference CVE-2003-0985 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0643 | 1 Mcafee | 1 Antivirus Engine | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. | |||||
| CVE-2005-0683 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0659. Reason: This candidate is a duplicate of CVE-2005-0659. Notes: All CVE users should reference CVE-2005-0659 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0712 | 1 Apple | 1 Mac Os X | 2008-09-10 | 4.6 MEDIUM | N/A |
| Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. | |||||
| CVE-2005-0714 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0340. Reason: This candidate is a reservation duplicate of CVE-2005-0340. Notes: All CVE users should reference CVE-2005-0340 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0727 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0735. Reason: This candidate is a duplicate of CVE-2005-0735. Notes: All CVE users should reference CVE-2005-0727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0728 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0736. Reason: This candidate is a duplicate of CVE-2005-0736. Notes: All CVE users should reference CVE-2005-0736 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0751 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none. | |||||
| CVE-2005-0133 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 5.0 MEDIUM | N/A |
| ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers. | |||||
| CVE-2005-0157 | 1 Smartlist | 1 Smartlist | 2008-09-10 | 7.5 HIGH | N/A |
| The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. | |||||
| CVE-2005-0203 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none. | |||||
| CVE-2005-0218 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 5.0 MEDIUM | N/A |
| ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL. | |||||
| CVE-2005-0228 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1388. Reason: This candidate is a duplicate of CVE-2004-1388. Notes: All CVE users should reference CVE-2004-1388 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | |||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 6.4 MEDIUM | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
| CVE-2005-0389 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0814. Reason: This candidate is a duplicate of CVE-2005-0814. Notes: All CVE users should reference CVE-2005-0814 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0395 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none. | |||||
| CVE-2005-0406 | 1 Image Processing Software | 1 Image Processing Software | 2008-09-10 | 2.1 LOW | N/A |
| A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image. | |||||
| CVE-2005-0407 | 1 Zakon Group | 1 Openconf | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title. | |||||
| CVE-2005-0408 | 1 Citrusdb | 1 Citrusdb | 2008-09-10 | 7.5 HIGH | N/A |
| CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. | |||||
| CVE-2005-0409 | 1 Citrusdb | 1 Citrusdb | 2008-09-10 | 6.4 MEDIUM | N/A |
| CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities. | |||||
| CVE-2005-0410 | 1 Citrusdb | 1 Citrusdb | 2008-09-10 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | |||||
| CVE-2005-0411 | 1 Citrusdb | 1 Citrusdb | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter. | |||||