Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2219 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 4.6 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. | |||||
| CVE-2005-2222 | 1 Mailenable | 1 Mailenable Professional | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors. | |||||
| CVE-2005-2223 | 1 Mailenable | 2 Mailenable Professional, Mailenable Standard | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. | |||||
| CVE-2005-2226 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2005-2228 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2008-09-05 | 5.0 MEDIUM | N/A |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. | |||||
| CVE-2005-2230 | 1 Elmo | 1 Elmo | 2008-09-05 | 2.1 LOW | N/A |
| Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files. | |||||
| CVE-2005-2231 | 1 High Availability Linux Project | 1 Heartbeat | 2008-09-05 | 2.1 LOW | N/A |
| High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-2232 | 1 Ibm | 1 Aix | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-2233 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. | |||||
| CVE-2005-2234 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2236 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. | |||||
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2238 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. | |||||
| CVE-2005-2239 | 1 Oftpd | 1 Oftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters. | |||||
| CVE-2005-2240 | 1 Xpvm | 1 Xpvm | 2008-09-05 | 2.1 LOW | N/A |
| xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. | |||||
| CVE-2005-2241 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | |||||
| CVE-2005-2242 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). | |||||
| CVE-2005-2243 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. | |||||
| CVE-2005-2248 | 1 Sven-ove Bjerkan | 1 Downloadprotect | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder. | |||||
| CVE-2005-2249 | 1 Jinzora | 1 Jinzora | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. | |||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||||
| CVE-2005-2252 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. | |||||
| CVE-2005-2253 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description. | |||||
| CVE-2005-2255 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php. | |||||
| CVE-2005-2256 | 1 Phppgadmin | 1 Phppgadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter. | |||||
| CVE-2005-2258 | 1 Squitosoft | 1 Squito Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter. | |||||
| CVE-2005-2259 | 1 Usanet Creations | 6 Domain Name Auction, Makebid Auction Deluxe, Makebid Auction Standard and 3 more | 2008-09-05 | 10.0 HIGH | N/A |
| The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter. | |||||
| CVE-2005-2271 | 1 Alexander Clauss | 1 Icab | 2008-09-05 | 2.6 LOW | N/A |
| iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-2005-2281 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | |||||
| CVE-2005-2282 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors. | |||||
| CVE-2005-2283 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 2.1 LOW | N/A |
| WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file. | |||||
| CVE-2005-2284 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. | |||||
| CVE-2005-2285 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration. | |||||
| CVE-2005-2286 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 10.0 HIGH | N/A |
| WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. | |||||
| CVE-2005-2305 | 1 Dg | 1 Remote Control Server | 2008-09-05 | 7.5 HIGH | N/A |
| DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow. | |||||
| CVE-2005-2306 | 1 Macromedia | 2 Coldfusion, Jrun | 2008-09-05 | 3.7 LOW | N/A |
| Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. | |||||
| CVE-2005-2308 | 1 Microsoft | 1 Ie | 2008-09-05 | 7.5 HIGH | N/A |
| The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg. | |||||
| CVE-2005-2311 | 1 Sms | 1 Sms | 2008-09-05 | 2.1 LOW | N/A |
| SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files. | |||||
| CVE-2005-2312 | 1 Realnode | 1 Emilda | 2008-09-05 | 7.5 HIGH | N/A |
| management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter. | |||||
| CVE-2005-2313 | 1 Checkpoint | 1 Secureclient Ng | 2008-09-05 | 7.2 HIGH | N/A |
| Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials and gain privileges via unknown attack vectors. | |||||
| CVE-2005-2315 | 1 Dnrd | 1 Dnrd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared. | |||||
| CVE-2005-2316 | 1 Dnrd | 1 Dnrd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer). | |||||
| CVE-2005-2317 | 1 Shorewall | 1 Shorewall | 2008-09-05 | 7.5 HIGH | N/A |
| Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies. | |||||
| CVE-2005-2318 | 1 Dvbbs | 1 Dvbbs | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2005-2319 | 1 Yawp | 1 Yawp | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter. | |||||
| CVE-2005-2320 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. | |||||
| CVE-2005-2321 | 1 Calogic | 1 Calogic | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php. | |||||
| CVE-2005-2322 | 2 Class-1, Clever Copy | 2 Class-1 Forum, Clever Copy | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php. | |||||
| CVE-2005-2323 | 2 Class-1, Clever Copy | 2 Class-1 Forum, Clever Copy | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php. | |||||