Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1789 | 1 India Software Solution | 1 Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1792 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache. | |||||
| CVE-2005-1797 | 1 Openssl | 1 Openssl | 2008-09-05 | 5.1 MEDIUM | N/A |
| The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | |||||
| CVE-2005-1798 | 1 Serverscheck | 1 Monitoring Software | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. | |||||
| CVE-2005-1799 | 1 Freestyle | 2 Wiki, Wikilite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1802 | 1 Nortel | 9 Contivity, Vpn Router 1010, Vpn Router 1050 and 6 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | |||||
| CVE-2005-1803 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php. | |||||
| CVE-2005-1804 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php. | |||||
| CVE-2005-1811 | 1 Mybulletinboard | 1 Mybulletinboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile. | |||||
| CVE-2005-1815 | 1 Hummingbird | 1 Connectivity | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount of data to LPD (Lpdw.exe). | |||||
| CVE-2005-1816 | 1 Invision Power Services | 1 Invision Board | 2008-09-05 | 4.6 MEDIUM | N/A |
| Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. | |||||
| CVE-2005-1817 | 1 Invision Power Services | 1 Invision Board | 2008-09-05 | 5.0 MEDIUM | N/A |
| Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. | |||||
| CVE-2005-1818 | 1 Newlife Blogger | 1 Newlife Blogger | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-1819 | 1 Nikosoft | 1 Webmail | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1820 | 1 Zeroboard | 1 Zeroboard | 2008-09-05 | 7.5 HIGH | N/A |
| zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function. | |||||
| CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2008-09-05 | 7.5 HIGH | N/A |
| The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | |||||
| CVE-2005-1841 | 1 Adobe | 1 Acrobat Reader | 2008-09-05 | 2.1 LOW | N/A |
| The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it. | |||||
| CVE-2005-1842 | 1 Adobe | 1 Version Cue | 2008-09-05 | 2.1 LOW | N/A |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2005-1843 | 1 Adobe | 1 Version Cue | 2008-09-05 | 4.6 MEDIUM | N/A |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument. | |||||
| CVE-2005-1846 | 1 Yamt | 1 Yamt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options. | |||||
| CVE-2005-1847 | 1 Yamt | 1 Yamt | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options. | |||||
| CVE-2005-1848 | 1 Phystech | 1 Dhcpcd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read. | |||||
| CVE-2005-1853 | 1 University Of Minnesota | 1 Gopher | 2008-09-05 | 7.2 HIGH | N/A |
| gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | |||||
| CVE-2005-1855 | 2 Debian, Sukria | 2 Debian Linux, Backup Manager | 2008-09-05 | 2.1 LOW | N/A |
| Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information. | |||||
| CVE-2005-1856 | 1 Sukria | 1 Backup Manager | 2008-09-05 | 2.1 LOW | N/A |
| The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. | |||||
| CVE-2005-1858 | 1 Fuse | 1 Fuse | 2008-09-05 | 2.1 LOW | N/A |
| FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. | |||||
| CVE-2005-1859 | 1 Sgi | 1 Propack | 2008-09-05 | 7.2 HIGH | N/A |
| Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array. | |||||
| CVE-2005-1864 | 1 Vincent Hor | 1 Calendarix Advanced | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter. | |||||
| CVE-2005-1865 | 1 Vincent Hor | 1 Calendarix Advanced | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php. | |||||
| CVE-2005-1866 | 1 Vincent Hor | 1 Calendarix Advanced | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter. | |||||
| CVE-2005-1869 | 1 Appindex | 1 Mwchat | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter. | |||||
| CVE-2005-1877 | 1 Lpanel | 1 Lpanel | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter. | |||||
| CVE-2005-1878 | 1 Giptables | 1 Giptables Firewall | 2008-09-05 | 1.2 LOW | N/A |
| GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file. | |||||
| CVE-2005-1879 | 1 Tomasz Lutelmowski | 1 Lutelwall | 2008-09-05 | 2.1 LOW | N/A |
| LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | |||||
| CVE-2005-1880 | 1 Everybuddy | 1 Everybuddy | 2008-09-05 | 2.1 LOW | N/A |
| everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | |||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2008-09-05 | 7.5 HIGH | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | |||||
| CVE-2005-1882 | 1 Yapig | 1 Yapig | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter. | |||||
| CVE-2005-1883 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter. | |||||
| CVE-2005-1884 | 1 Yapig | 1 Yapig | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2005-1885 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | |||||
| CVE-2005-1886 | 1 Yapig | 1 Yapig | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. | |||||
| CVE-2005-1888 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. | |||||
| CVE-2005-1890 | 1 Mortiforo | 1 Mortiforo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors. | |||||
| CVE-2005-1897 | 1 Flexcast | 1 Flexcast Audio Video Streaming Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors. | |||||
| CVE-2005-1898 | 1 Phpthumb | 1 Phpthumb | 2008-09-05 | 5.0 MEDIUM | N/A |
| The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images. | |||||
| CVE-2005-1904 | 1 Jiro | 1 Jiro Upload System | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1908 | 1 Perception | 1 Liteweb | 2008-09-05 | 7.5 HIGH | N/A |
| Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL. | |||||
| CVE-2005-1909 | 1 Software602 | 1 602lan Suite | 2008-09-05 | 4.3 MEDIUM | N/A |
| The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2005-1910 | 1 Wwweb Concepts | 1 Events System | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1911 | 1 Leafnode | 1 Leafnode | 2008-09-05 | 5.0 MEDIUM | N/A |
| The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss). | |||||