Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0715 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 2.1 LOW | N/A |
| AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. | |||||
| CVE-2005-0716 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable. | |||||
| CVE-2005-0737 | 1 Yahoo | 1 Messenger | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. | |||||
| CVE-2005-0740 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. | |||||
| CVE-2005-0741 | 1 Yabb | 1 Yabb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. | |||||
| CVE-2005-0745 | 1 Utstarcom | 1 Ian-02ex Voip Ata | 2008-09-05 | 4.6 MEDIUM | N/A |
| UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. | |||||
| CVE-2005-0747 | 1 Applyyourself | 1 I-class | 2008-09-05 | 5.0 MEDIUM | N/A |
| ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. | |||||
| CVE-2005-0763 | 1 Midnight Commander | 1 Midnight Commander | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. | |||||
| CVE-2005-0764 | 1 Marc Lehmann | 1 Rxvt-unicode | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences. | |||||
| CVE-2005-0809 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 7.5 HIGH | N/A |
| NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. | |||||
| CVE-2005-0810 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL. | |||||
| CVE-2005-0811 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 4.6 MEDIUM | N/A |
| The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs. | |||||
| CVE-2005-0812 | 1 Notify Technology | 1 Notifylink | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information. | |||||
| CVE-2005-0813 | 1 Initial Redirect | 1 Initial Redirect Squid Proxy Plug-in | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. | |||||
| CVE-2005-0819 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. | |||||
| CVE-2005-0820 | 1 Microsoft | 1 Office Infopath | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name. | |||||
| CVE-2005-0822 | 1 Citrix | 1 Metaframe Password Manager | 2008-09-05 | 2.1 LOW | N/A |
| Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy. | |||||
| CVE-2005-0825 | 1 Lgames | 1 Ltris | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file. | |||||
| CVE-2005-0830 | 1 Xzabite | 1 Dyndnsupdate | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-0831 | 1 Php-post | 1 Php-post Web Forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters. | |||||
| CVE-2005-0832 | 1 Php-post | 1 Php-post Web Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-0833 | 1 Belkin | 1 Belkin 54g Wireless Router | 2008-09-05 | 7.5 HIGH | N/A |
| Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication. | |||||
| CVE-2005-0834 | 1 Belkin | 1 Belkin 54g Wireless Router | 2008-09-05 | 5.0 MEDIUM | N/A |
| Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-0835 | 1 Belkin | 1 54g Wireless Router | 2008-09-05 | 5.0 MEDIUM | N/A |
| The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2005-0849 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet. | |||||
| CVE-2005-0852 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 2.1 LOW | N/A |
| Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3. | |||||
| CVE-2005-0855 | 1 Coolforum | 1 Coolforum | 2008-09-05 | 10.0 HIGH | N/A |
| CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message. | |||||
| CVE-2005-0856 | 1 Coolforum | 1 Coolforum | 2008-09-05 | 7.5 HIGH | N/A |
| CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate SQL commands via certain requests to (1) alert.php or (2) viewip.php, possibly due to a SQL injection vulnerability. | |||||
| CVE-2005-0860 | 1 The Rusted Gate | 1 Trg News | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in TRG News Script 3.0 allows remote attackers to execute arbitrary PHP code via the dir parameter to (1) article.php, (2) authorall.php, (3) comment.php, (4) display.php, or (5) displayall.php. | |||||
| CVE-2005-0864 | 1 Securecomputing | 1 Samsung Adsl Modem | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. | |||||
| CVE-2005-0865 | 1 Securecomputing | 1 Samsung Adsl Modem | 2008-09-05 | 7.5 HIGH | N/A |
| Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi. | |||||
| CVE-2005-0886 | 1 Invision Power Services | 1 Invision Board | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request. | |||||
| CVE-2005-0889 | 1 Dream4 | 1 Koobi Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | |||||
| CVE-2005-0890 | 1 Dream4 | 1 Koobi Cms | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter. | |||||
| CVE-2005-0906 | 3 Instance Four, Sacred, Ubi Soft | 3 Tincat, Sacred, The Settlersheritage Of Kings | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. | |||||
| CVE-2005-0908 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php. | |||||
| CVE-2005-0910 | 1 E-xoops | 1 E-xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php. | |||||
| CVE-2005-0911 | 1 E-xoops | 1 E-xoops | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php. | |||||
| CVE-2005-0912 | 1 Deplate | 1 Deplate | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb. | |||||
| CVE-2005-0914 | 1 Cpg-nuke | 1 Cpg Dragonfly Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter. | |||||
| CVE-2005-0915 | 1 Webmasters-debutants | 1 Wd Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php. | |||||
| CVE-2005-0916 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail. | |||||
| CVE-2005-0917 | 1 Powerdev | 1 Encapsbb | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index_header.php for EncapsBB 0.3.2_fixed, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the root parameter. | |||||
| CVE-2005-0918 | 1 Adobe | 1 Svg Viewer | 2008-09-05 | 5.0 MEDIUM | N/A |
| The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not. | |||||
| CVE-2005-0920 | 1 Bugtracker.net | 1 Bugtracker.net | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-0921 | 1 Microsoft | 1 Outlook Connector | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. | |||||
| CVE-2005-0922 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. | |||||
| CVE-2005-0923 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2008-09-05 | 2.1 LOW | N/A |
| The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share. | |||||
| CVE-2005-0927 | 1 Web-app.org | 1 Webapp | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences. | |||||