Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1713 | 1 S9y | 1 Serendipity | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | |||||
| CVE-2005-1715 | 1 Ej3 | 1 Topo | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section. | |||||
| CVE-2005-1716 | 1 Ej3 | 1 Topo | 2008-09-05 | 5.0 MEDIUM | N/A |
| TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. | |||||
| CVE-2005-1717 | 1 Zyxel | 1 Prestige 650r-31 | 2008-09-05 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | |||||
| CVE-2005-1718 | 1 Ls Games | 1 War Times | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname. | |||||
| CVE-2005-1719 | 1 Alwil | 1 Avast Antivirus | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses. | |||||
| CVE-2005-1720 | 1 Apple | 1 Afp Server | 2008-09-05 | 2.1 LOW | N/A |
| AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL. | |||||
| CVE-2005-1721 | 1 Apple | 1 Afp Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code. | |||||
| CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. | |||||
| CVE-2005-1723 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions. | |||||
| CVE-2005-1724 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-1727 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 3.7 LOW | N/A |
| Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." | |||||
| CVE-2005-1728 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials. | |||||
| CVE-2005-1729 | 1 Novell | 1 Edirectory | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. | |||||
| CVE-2005-1734 | 1 Electricmonk | 1 Proms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-1735 | 1 Electricmonk | 1 Proms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1736 | 1 Electricmonk | 1 Proms | 2008-09-05 | 7.5 HIGH | N/A |
| PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. | |||||
| CVE-2005-1738 | 1 Iron Bars Shell | 1 Iron Bars Shell | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. | |||||
| CVE-2005-1750 | 1 Distinct Web Creations | 1 Newsletterez | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1035 | 1 Pavuk | 1 Pavuk | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact. | |||||
| CVE-2005-1036 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | |||||
| CVE-2005-1037 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. | |||||
| CVE-2005-1039 | 1 Gnu | 1 Coreutils | 2008-09-05 | 3.7 LOW | N/A |
| Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. | |||||
| CVE-2005-1040 | 1 Novell | 1 Linux Desktop | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." | |||||
| CVE-2005-1061 | 2 Logwatch, Redhat | 3 Logwatch, Enterprise Linux, Linux Advanced Workstation | 2008-09-05 | 5.0 MEDIUM | N/A |
| The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." | |||||
| CVE-2005-1063 | 1 Kerio | 3 Kerio Mailserver, Personal Firewall, Winroute Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations." | |||||
| CVE-2005-1065 | 1 Novell | 1 Linux Desktop | 2008-09-05 | 2.1 LOW | N/A |
| tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory. | |||||
| CVE-2005-1066 | 1 University Of Washington | 1 Pine | 2008-09-05 | 1.2 LOW | N/A |
| Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-1067 | 1 Access User Class | 1 Access User Class | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new". | |||||
| CVE-2005-1072 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2005-1076 | 1 Webct | 1 Webct | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field. | |||||
| CVE-2005-1083 | 1 Aewebworks | 1 Aedating | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter. | |||||
| CVE-2005-1084 | 1 Aewebworks | 1 Aedating | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter. | |||||
| CVE-2005-1085 | 1 Aewebworks | 1 Aedating | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2005-1089 | 1 Dc\+\+ | 1 Dc\+\+ | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. | |||||
| CVE-2005-1091 | 1 Maxthon | 1 Maxthon | 2008-09-05 | 7.5 HIGH | N/A |
| Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page. | |||||
| CVE-2005-1092 | 1 Light Speed Technology | 1 Deluxeftp | 2008-09-05 | 7.2 HIGH | N/A |
| Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | |||||
| CVE-2005-1097 | 1 Rebrand | 1 P2p Share Spy | 2008-09-05 | 4.6 MEDIUM | N/A |
| Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges. | |||||
| CVE-2005-1107 | 1 Mcafee | 1 Internet Security Suite | 2008-09-05 | 7.2 HIGH | N/A |
| McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. | |||||
| CVE-2005-1119 | 1 Todd Miller | 1 Sudo | 2008-09-05 | 2.1 LOW | N/A |
| Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-1125 | 1 Avaya | 1 Libsafe | 2008-09-05 | 5.1 MEDIUM | N/A |
| Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. | |||||
| CVE-2005-1128 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. | |||||
| CVE-2005-1131 | 1 Symantec Veritas | 1 I3 Focalpoint Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. | |||||
| CVE-2005-1138 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages. | |||||
| CVE-2005-1140 | 1 Mywebland | 1 Mybloggie | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments. | |||||
| CVE-2005-1143 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. | |||||
| CVE-2005-1144 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2008-09-05 | 5.0 MEDIUM | N/A |
| popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message. | |||||
| CVE-2005-1145 | 1 Calendarscript | 1 Calendarscript | 2008-09-05 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146. | |||||
| CVE-2005-1149 | 1 Acnews | 1 Acnews | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2005-1150 | 1 Sun | 1 Java System Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). | |||||