Weekly Vulnerabilities Reports > May 2 to 8, 2005
Overview
866 new vulnerabilities reported during this period, including 31 critical vulnerabilities and 301 high severity vulnerabilities. This weekly summary report vulnerabilities in 629 products from 423 vendors including Microsoft, Mozilla, Apple, IBM, and Linux. Vulnerabilities are notably categorized as "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "Code Injection".
- 717 reported vulnerabilities are remotely exploitables.
- 8 reported vulnerabilities have public exploit available.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 859 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 35 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
31 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-03 | CVE-2005-1452 | S9Y | Remote Security vulnerability in Serendipity Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | 10.0 |
2005-05-03 | CVE-2005-1449 | S9Y | Remote Security vulnerability in Serendipity Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | 10.0 |
2005-05-03 | CVE-2005-1415 | Globalscape | Remote Buffer Overflow vulnerability in GlobalSCAPE Secure FTP Server 3.0/3.0.2 Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command. | 10.0 |
2005-05-02 | CVE-2005-1177 | Usermin Webmin | Denial-Of-Service vulnerability in Usermin Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | 10.0 |
2005-05-02 | CVE-2005-1131 | Symantec Veritas | Unspecified vulnerability in Symantec Veritas I3 Focalpoint Server 7.1 Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. | 10.0 |
2005-05-02 | CVE-2005-1069 | Scssboard | Remote Security vulnerability in sCssBoard Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page." | 10.0 |
2005-05-02 | CVE-2005-1037 | IBM | Unspecified vulnerability in IBM AIX 5.3.0 Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. | 10.0 |
2005-05-02 | CVE-2005-1015 | Mailenable | Unspecified vulnerability in Mailenable Imapd Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command. | 10.0 |
2005-05-02 | CVE-2005-1009 | Bakbone | Remote Heap Overflow vulnerability in Bakbone Netvault 7.0/7.1 Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file. | 10.0 |
2005-05-02 | CVE-2005-0927 | WEB APP ORG | Remote Security vulnerability in Webapp 0.9.9/0.9.9.1/0.9.9.2 Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. | 10.0 |
2005-05-02 | CVE-2005-0855 | Coolforum | Remote Security vulnerability in CoolForum CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message. | 10.0 |
2005-05-02 | CVE-2005-0836 | SUN | Remote Unauthorized Access vulnerability in Sun Java Web Start System Property Tags Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. | 10.0 |
2005-05-02 | CVE-2005-0768 | Goodtech Systems | Unspecified vulnerability in Goodtech Systems Goodtech Telnet Server 4.0/5.0 Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380. | 10.0 |
2005-05-02 | CVE-2005-0744 | Novell | Remote Security vulnerability in iChain Server The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser. | 10.0 |
2005-05-02 | CVE-2005-0735 | Newsscript CO UK | Permissions, Privileges, and Access Controls vulnerability in Newsscript.Co.Uk Newsscript newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin. | 10.0 |
2005-05-02 | CVE-2005-0708 | Dragonflybsd Freebsd | The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. | 10.0 |
2005-05-02 | CVE-2005-0635 | Foxmail | Remote vulnerability in Foxmail Email Server 2.0 Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command. | 10.0 |
2005-05-02 | CVE-2005-0582 | Broadcom | Unspecified vulnerability in Broadcom License Software 0.1.0.15 Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request. | 10.0 |
2005-05-02 | CVE-2005-0551 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | 10.0 |
2005-05-02 | CVE-2005-0491 | Knox Software | Remote Stack-Based Buffer Overrun vulnerability in Knox Arkeia Type 77 Request Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request. | 10.0 |
2005-05-02 | CVE-2005-0353 | Safenet | Remote Buffer Overflow vulnerability in Safenet Sentinel License Manager 7.2.0.2 Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093. | 10.0 |
2005-05-02 | CVE-2005-0339 | Foxmail | Remote Buffer Overflow vulnerability in Foxmail Email Server 2.0 Buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL FROM command. | 10.0 |
2005-05-02 | CVE-2005-0260 | Broadcom | Unspecified vulnerability in Broadcom Brightstor Arcserve Backup 11.1 Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call. | 10.0 |
2005-05-02 | CVE-2005-0194 | Squid | Security Bypass vulnerability in Squid Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. | 10.0 |
2005-05-02 | CVE-2005-0065 | TCP | Remote Denial Of Service vulnerability in Multiple Vendor TCP/IP Implementation ICMP The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. | 10.0 |
2005-05-02 | CVE-2005-0059 | Microsoft | Unspecified vulnerability in Microsoft products Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message. | 10.0 |
2005-05-02 | CVE-2005-0050 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." | 10.0 |
2005-05-02 | CVE-2005-0011 | KDE | Unspecified vulnerability in KDE 3.3/3.3.1/3.3.2 Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | 10.0 |
2005-05-02 | CVE-2005-0002 | Gentoo | Unspecified vulnerability in Gentoo Poppassd PAM 1.0 poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users. | 10.0 |
2005-05-02 | CVE-2005-0269 | SIR | Improper Handling of Case Sensitivity vulnerability in SIR Gnuboard 3.40 The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. | 9.8 |
2005-05-02 | CVE-2005-0199 | Barton | Integer Underflow (Wrap or Wraparound) vulnerability in Barton Ngircd Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. | 9.8 |
301 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-02 | CVE-2005-0490 | Haxx | Incorrect Calculation of Buffer Size vulnerability in Haxx Curl and Libcurl Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. | 8.8 |
2005-05-02 | CVE-2005-1036 | Freebsd | Missing Initialization of Resource vulnerability in Freebsd FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | 7.8 |
2005-05-02 | CVE-2005-0209 | Linux | Improper Input Validation vulnerability in Linux Kernel 2.6.8.1 Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments. | 7.8 |
2005-05-02 | CVE-2005-0970 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. | 7.6 |
2005-05-02 | CVE-2005-0893 | Smail | Remote Security vulnerability in Smail 3.2.0.120 modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc. | 7.6 |
2005-05-06 | CVE-2005-1471 | RSA | Unspecified vulnerability in RSA Securid web Agent 5/5.2/5.3 Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. | 7.5 |
2005-05-04 | CVE-2005-1342 | Apple | Multiple vulnerability in Apple Mac OS X The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. | 7.5 |
2005-05-04 | CVE-2005-1340 | Apple | Remote Security vulnerability in Apple mac OS X 10.3.9 The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy. | 7.5 |
2005-05-04 | CVE-2005-1339 | Apple | Remote Security vulnerability in Mac OS X Server lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name. | 7.5 |
2005-05-04 | CVE-2005-1337 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI. | 7.5 |
2005-05-04 | CVE-2005-1332 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory. | 7.5 |
2005-05-04 | CVE-2005-0676 | Phpoutsourcing | SQL-Injection vulnerability in PHPoutsourcing Zorum 3.5 index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability. | 7.5 |
2005-05-03 | CVE-2005-1826 | HP | Remote Security vulnerability in HP Radia Client 3.1.0.0 Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension. | 7.5 |
2005-05-03 | CVE-2005-1825 | HP | Unspecified vulnerability in HP Radia Client 3.1.2.0 Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process. | 7.5 |
2005-05-03 | CVE-2005-1451 | S9Y | Remote Security vulnerability in Serendipity The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | 7.5 |
2005-05-03 | CVE-2005-1450 | S9Y | Remote Security vulnerability in Serendipity Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | 7.5 |
2005-05-03 | CVE-2005-1447 | Sitepanel | Remote Security vulnerability in Sitepanel PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter. | 7.5 |
2005-05-03 | CVE-2005-1446 | Sitepanel | Remote Security vulnerability in Sitepanel SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket. | 7.5 |
2005-05-03 | CVE-2005-1439 | Osticket | Directory Traversal vulnerability in osTicket Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. | 7.5 |
2005-05-03 | CVE-2005-1438 | Osticket | Remote Security vulnerability in Osticket 1 PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. | 7.5 |
2005-05-03 | CVE-2005-1437 | Osticket | SQL-Injection vulnerability in Osticket 1.X Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php. | 7.5 |
2005-05-03 | CVE-2005-1435 | Open Webmail | Unspecified vulnerability in Open Webmail Open Webmail Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
2005-05-03 | CVE-2005-1434 | HP | Denial-Of-Service vulnerability in OpenView Network Node Manager Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code. | 7.5 |
2005-05-03 | CVE-2005-1429 | Abczone IT | SQL Injection vulnerability in Abczone.It Wwwguestbook 1.1 SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2005-05-03 | CVE-2005-1428 | Uapplication | File-Upload vulnerability in Uapplication Uphotogallery edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | 7.5 |
2005-05-03 | CVE-2005-1427 | Uapplication | Information Disclosure vulnerability in uPhotoGallery Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | 7.5 |
2005-05-03 | CVE-2005-1422 | Raysoft | Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html. | 7.5 |
2005-05-03 | CVE-2005-1419 | Ocean12 Technologies | SQL-Injection vulnerability in Ocean12 Technologies Mailing List Manager 1.06 SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. | 7.5 |
2005-05-03 | CVE-2005-1417 | Maxwebportal | SQL Injection vulnerability in MaxWebPortal Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | 7.5 |
2005-05-03 | CVE-2005-1413 | Envivosoft | SQL Injection vulnerability in Envivosoft Envivo CMS 3.54 Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp. | 7.5 |
2005-05-03 | CVE-2005-1412 | Ecomm | Unspecified vulnerability in Ecomm Professional Guestbook 3 SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter. | 7.5 |
2005-05-03 | CVE-2005-1409 | Postgresql | Privilege Escalation vulnerability in PostgreSQL Character Set Conversion PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability." | 7.5 |
2005-05-03 | CVE-2005-1401 | MTP Target | Unspecified vulnerability in Mtp-Target 1.2.2 Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text. | 7.5 |
2005-05-03 | CVE-2005-1397 | PHP Calendar | SQL Injection vulnerability in PHP-Calendar Search.PHP SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-05-03 | CVE-2005-1391 | Apsis | Remote Buffer Overflow vulnerability in Apsis Pound 1.8.2 Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header. | 7.5 |
2005-05-03 | CVE-2005-1384 | Coinsoft Technologies | SQL Injection vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php. | 7.5 |
2005-05-03 | CVE-2005-1383 | Oracle | Unspecified vulnerability in Oracle Application Server The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. | 7.5 |
2005-05-03 | CVE-2005-1378 | Oxpus | SQL Injection vulnerability in Notes Module for PHPBB SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors. | 7.5 |
2005-05-03 | CVE-2005-1377 | Claroline | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors. | 7.5 |
2005-05-03 | CVE-2005-1376 | Claroline | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | 7.5 |
2005-05-03 | CVE-2005-1375 | Claroline | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php. | 7.5 |
2005-05-03 | CVE-2005-1373 | Dream4 | SQL Injection vulnerability in Dream4 Koobi CMS 4.2.3 Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters. | 7.5 |
2005-05-03 | CVE-2005-1370 | HP | Remote Command Execution vulnerability in HP OpenView Radia Management Portal 1.0/2.0 Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors. | 7.5 |
2005-05-03 | CVE-2005-0157 | Smartlist | Unspecified vulnerability in Smartlist The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. | 7.5 |
2005-05-02 | CVE-2005-1364 | Metalinks | Remote SQL Injection vulnerability in MetaBid Auctions intAuctionID Parameter Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. | 7.5 |
2005-05-02 | CVE-2005-1363 | Metalinks | SQL-Injection vulnerability in Metalinks Metacart2 Payflowlink Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6) intCatalogID, or (7) page parameter to productsByCategory.asp or (8) intProdID parameter to product.asp. | 7.5 |
2005-05-02 | CVE-2005-1362 | Metalinks | SQL-Injection vulnerability in Metalinks Metacart2 Paypal Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp. | 7.5 |
2005-05-02 | CVE-2005-1361 | Metalinks | Remote SQL Injection vulnerability in Metalinks Metacart E-Shop 8.0 Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. | 7.5 |
2005-05-02 | CVE-2005-1360 | Graycms | Remote File Include vulnerability in Graycms 1.1 PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-1358 | Text CGI | Remote Security vulnerability in Text.Cgi text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | 7.5 |
2005-05-02 | CVE-2005-1354 | Forum PL | Remote Security vulnerability in Forum.Pl The forum.pl script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | 7.5 |
2005-05-02 | CVE-2005-1351 | Leif M Wright | Remote Security vulnerability in ad.cgi The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | 7.5 |
2005-05-02 | CVE-2005-1349 | Perl | Buffer Overflow vulnerability in Convert-UUlib Perl Module Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. | 7.5 |
2005-05-02 | CVE-2005-1345 | Squid | Remote Security vulnerability in Squid Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. | 7.5 |
2005-05-02 | CVE-2005-1344 | Apache | Buffer Overflow vulnerability in Apache Http Server 2.0.52 Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. | 7.5 |
2005-05-02 | CVE-2005-1323 | Intersoft | Buffer Overflow vulnerability in Intersoft Netterm 4.2.2 Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. | 7.5 |
2005-05-02 | CVE-2005-1304 | Citat PL | The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument. | 7.5 |
2005-05-02 | CVE-2005-1302 | Swsoft | SQL Injection vulnerability in Swsoft Confixx 3.0.6/3.0.8/Pro3 SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. | 7.5 |
2005-05-02 | CVE-2005-1293 | Storeportal | SQL-Injection vulnerability in Storeportal 2.63 Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter. | 7.5 |
2005-05-02 | CVE-2005-1289 | E Cart | Unspecified vulnerability in E-Cart 20041.1 index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. | 7.5 |
2005-05-02 | CVE-2005-1288 | ASP Press | Remote Security vulnerability in ACS Blog inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. | 7.5 |
2005-05-02 | CVE-2005-1284 | Argosoft | Unspecified vulnerability in Argosoft Mail Server 1.8.7.6 The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | 7.5 |
2005-05-02 | CVE-2005-1238 | IBM | Remote Security vulnerability in Iseries As 400 By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | 7.5 |
2005-05-02 | CVE-2005-1237 | China ON Site | SQL Injection vulnerability in FlexPHPNews News.PHP SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 7.5 |
2005-05-02 | CVE-2005-1236 | Duware | SQL Injection vulnerability in Duware Duportal 3.1.2/3.1.2Sql Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224. | 7.5 |
2005-05-02 | CVE-2005-1232 | SUN | Remote Security vulnerability in SUN Java System web Proxy Server 3.6 Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2005-05-02 | CVE-2005-1226 | Coppermine | Information Disclosure vulnerability in Coppermine Photo Gallery 1.3.2 Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | 7.5 |
2005-05-02 | CVE-2005-1225 | Coppermine | SQL-Injection vulnerability in Coppermine Photo Gallery 1.3.2 SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | 7.5 |
2005-05-02 | CVE-2005-1224 | Duware | SQL Injection vulnerability in Duware Duportal 3.4/Pro3.4/Sql3.4 Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. | 7.5 |
2005-05-02 | CVE-2005-1223 | Ocean12 Technologies | SQL-Injection vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01 Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | 7.5 |
2005-05-02 | CVE-2005-1222 | Netref | Remote Security vulnerability in Netref 4.2 cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. | 7.5 |
2005-05-02 | CVE-2005-1220 | Knusperleicht | Information Disclosure vulnerability in Shoutbox Script Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | 7.5 |
2005-05-02 | CVE-2005-1203 | Egroupware | Cross-Site Scripting and SQL Injection vulnerability in eGroupWare Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter. | 7.5 |
2005-05-02 | CVE-2005-1200 | Azbb | Remote Security vulnerability in Az Bulletin Board 1.0.07A/1.0.07B/1.0.07C PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-1199 | Infopop | SQL Injection vulnerability in Infopop Ultimate Bulletin Board 6.0 SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter. | 7.5 |
2005-05-02 | CVE-2005-1197 | Oracle | SQL-Injection vulnerability in Oracle10g Enterprise Edition SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. | 7.5 |
2005-05-02 | CVE-2005-1196 | Phpbb Group | SQL-Injection vulnerability in phpBB SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | 7.5 |
2005-05-02 | CVE-2005-1195 | Mplayer Xine | Remote Buffer Overflow vulnerability in MPlayer MMST Stream ID Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. | 7.5 |
2005-05-02 | CVE-2005-1178 | Oracle | SQL-Injection vulnerability in Forms And Reports SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature. | 7.5 |
2005-05-02 | CVE-2005-1173 | Pmsoftware | Unspecified vulnerability in Pmsoftware Simple web Server 1.0 Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request. | 7.5 |
2005-05-02 | CVE-2005-1170 | Datenbank Module | Unspecified vulnerability in Datenbank Module Datenbank Module SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-05-02 | CVE-2005-1169 | Mafia | Authentication Bypass vulnerability in Mafia Blog 4Beta Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php. | 7.5 |
2005-05-02 | CVE-2005-1159 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. | 7.5 |
2005-05-02 | CVE-2005-1157 | Mozilla Netscape | Remote Script Code Execution vulnerability in Mozilla Suite And Firefox Search Plug-In Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." | 7.5 |
2005-05-02 | CVE-2005-1156 | Mozilla Netscape | Remote Script Code Execution vulnerability in Mozilla Suite And Firefox Search Plug-In Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | 7.5 |
2005-05-02 | CVE-2005-1155 | Mozilla | Code Injection vulnerability in Mozilla Firefox and Mozilla The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | 7.5 |
2005-05-02 | CVE-2005-1154 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Suite And Firefox Global Scope Pollution Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | 7.5 |
2005-05-02 | CVE-2005-1153 | Mozilla | Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | 7.5 |
2005-05-02 | CVE-2005-1128 | Virtual Hosting Control System | SQL-Injection vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.2 Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. | 7.5 |
2005-05-02 | CVE-2005-1117 | All4Www | Remote File Include vulnerability in All4Www All4Www-Homepagecreator 1.0A PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-1114 | Phpbb Group Smartor | Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. | 7.5 |
2005-05-02 | CVE-2005-1110 | Sumus | Unspecified vulnerability in Sumus 0.2.2 Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81. | 7.5 |
2005-05-02 | CVE-2005-1109 | Junkbuster | Unspecified vulnerability in Junkbuster Internet Junkbuster 2.0.1/2.0.2/2.0.2R2 The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. | 7.5 |
2005-05-02 | CVE-2005-1101 | IBM | Unspecified vulnerability in IBM Lotus Domino Server 6.0.5/6.5.4 Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields. | 7.5 |
2005-05-02 | CVE-2005-1100 | Salim Gasmi | Unspecified vulnerability in Salim Gasmi GLD 1.3/1.4 Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog. | 7.5 |
2005-05-02 | CVE-2005-1093 | Popup Plus Plugin | Remote Buffer Overflow vulnerability in Popup Plus Plugin Popup Plus Plugin for Miranda IM 2.0.3.8 Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code. | 7.5 |
2005-05-02 | CVE-2005-1091 | Maxthon | Information Disclosure vulnerability in Maxthon Web Browser Plug-in API Security ID Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page. | 7.5 |
2005-05-02 | CVE-2005-1084 | Aewebworks | Unspecified vulnerability in Aewebworks Aedating 3.2 SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter. | 7.5 |
2005-05-02 | CVE-2005-1079 | Mike DE Boer | SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2005-05-02 | CVE-2005-1074 | Radscripts | Multiple vulnerability in Radscripts Radbids 2 SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter. | 7.5 |
2005-05-02 | CVE-2005-1062 | Kerio | Remote Security vulnerability in Kerio products The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. | 7.5 |
2005-05-02 | CVE-2005-1058 | Cisco | Unspecified vulnerability in Cisco IOS 12.2T/12.3/12.3T Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. | 7.5 |
2005-05-02 | CVE-2005-1057 | Cisco | Unspecified vulnerability in Cisco IOS 12.2T/12.3/12.3T Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." | 7.5 |
2005-05-02 | CVE-2005-1054 | Moderngigabyte | Unspecified vulnerability in Moderngigabyte Modernbill PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-1048 | Postnuke Software Foundation | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. | 7.5 |
2005-05-02 | CVE-2005-1046 | KDE | Buffer Overflow vulnerability in KDE 3.4.0 Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | 7.5 |
2005-05-02 | CVE-2005-1045 | Centrinity | Unspecified vulnerability in Centrinity Firstclass Desktop Client 8.0 OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark. | 7.5 |
2005-05-02 | CVE-2005-1042 | PHP | Unspecified vulnerability in PHP Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count. | 7.5 |
2005-05-02 | CVE-2005-1026 | Dlman PRO Linkz PRO | SQL Injection vulnerability in PHPBB DLMan Pro Module Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro). | 7.5 |
2005-05-02 | CVE-2005-1018 | CA | Remote Buffer Overflow vulnerability in CA Brightstor Arcserve Backup 11.1 Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field. | 7.5 |
2005-05-02 | CVE-2005-1017 | Maxwebportal | SQL Injection vulnerability in Maxwebportal SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. | 7.5 |
2005-05-02 | CVE-2005-1014 | Mailenable | Buffer Overflow vulnerability in MailEnable IMAP Authenticate Request Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command. | 7.5 |
2005-05-02 | CVE-2005-1011 | Iatek | SQL Injection vulnerability in SiteEnable SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 7.5 |
2005-05-02 | CVE-2005-1005 | Profitcode | Unspecified vulnerability in Profitcode Payprocart 3.0 ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. | 7.5 |
2005-05-02 | CVE-2005-1003 | Profitcode | Directory Traversal vulnerability in Profitcode Payprocart 3.0 Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. | 7.5 |
2005-05-02 | CVE-2005-0999 | Francisco Burzi | Unspecified vulnerability in Francisco Burzi PHP-Nuke SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. | 7.5 |
2005-05-02 | CVE-2005-0997 | Francisco Burzi | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6 Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. | 7.5 |
2005-05-02 | CVE-2005-0994 | Early Impact | Unspecified vulnerability in Early Impact Productcart 2.7 Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. | 7.5 |
2005-05-02 | CVE-2005-0980 | Alstrasoft | Remote File Include vulnerability in Alstrasoft Epay 2.0 PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-0979 | Netmanage | Buffer Overflow vulnerability in Netmanage Rumba 7.3/7.4 Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted values in a profile file, as demonstrated using a long SysName field. | 7.5 |
2005-05-02 | CVE-2005-0962 | Lighthouse Development | SQL Injection vulnerability in Lighthouse Development Squirrelcart 1.5.5 SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action. | 7.5 |
2005-05-02 | CVE-2005-0959 | Yepyep | Remote CWD Argument Format String vulnerability in Yepyep Mtftpd 0.1A/0.2/0.3 Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path. | 7.5 |
2005-05-02 | CVE-2005-0956 | Interakt | Unspecified vulnerability in Interakt MX Kart 1.1.2 Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter. | 7.5 |
2005-05-02 | CVE-2005-0955 | Interakt | SQL Injection vulnerability in Interakt MX Shop 1.1.1 SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter. | 7.5 |
2005-05-02 | CVE-2005-0948 | Iatek | Input Validation vulnerability in Iatek PortalApp SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter. | 7.5 |
2005-05-02 | CVE-2005-0947 | Coinsoft Technologies | Remote vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. | 7.5 |
2005-05-02 | CVE-2005-0944 | Microsoft | Unspecified vulnerability in Microsoft JET Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file. | 7.5 |
2005-05-02 | CVE-2005-0935 | Esmi | SQL Injection vulnerability in Esmi Paypal Storefront 1.7 Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php. | 7.5 |
2005-05-02 | CVE-2005-0932 | Coinsoft Technologies | Remote vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order. | 7.5 |
2005-05-02 | CVE-2005-0929 | Photopost | SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php. | 7.5 |
2005-05-02 | CVE-2005-0920 | Bugtracker NET | SQL Injection vulnerability in Bugtracker.NET Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-05-02 | CVE-2005-0917 | Powerdev | Remote Security vulnerability in Powerdev Encapsbb 0.3.2Fixed PHP remote file inclusion vulnerability in index_header.php for EncapsBB 0.3.2_fixed, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the root parameter. | 7.5 |
2005-05-02 | CVE-2005-0915 | Webmasters Debutants | Security Bypass vulnerability in Webmasters-Debutants WD Guestbook 2.8 Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php. | 7.5 |
2005-05-02 | CVE-2005-0913 | Smarty | Remote PHP Script Execution vulnerability in Smarty Template Engine Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code. | 7.5 |
2005-05-02 | CVE-2005-0909 | Tkais Shoutbox | Unspecified vulnerability in Tkais Shoutbox Tkais Shoutbox PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter. | 7.5 |
2005-05-02 | CVE-2005-0907 | Valdersoft | SQL-Injection vulnerability in Valdersoft Shopping Cart 3.0 Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. | 7.5 |
2005-05-02 | CVE-2005-0906 | Instance Four Sacred UBI Soft | Remote Buffer Overflow vulnerability in Tincat Network Library Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code. | 7.5 |
2005-05-02 | CVE-2005-0902 | Nukebookmarks | SQL-Injection vulnerability in Nukebookmarks 0.6 SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2005-05-02 | CVE-2005-0897 | Magicscripts | Remote File Include vulnerability in Magicscripts E-Store Kit-2 Paypal PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-0891 | Gnome | Double Free vulnerability in Gnome GTK Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | 7.5 |
2005-05-02 | CVE-2005-0890 | Dream4 | SQL Injection vulnerability in Dream4 Koobi CMS 4.2.3 SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter. | 7.5 |
2005-05-02 | CVE-2005-0884 | Digitalhive | Remote Security vulnerability in Digitalhive 2.0 DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script. | 7.5 |
2005-05-02 | CVE-2005-0882 | Birdblog | SQL Injection vulnerability in Birdblog 1.0.0/1.1.0 SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters. | 7.5 |
2005-05-02 | CVE-2005-0879 | Vortex Portal | Remote PHP File Include vulnerability in Vortex Portal Vortex Portal 2.0 PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter. | 7.5 |
2005-05-02 | CVE-2005-0877 | Thekelleys | Origin Validation Error vulnerability in Thekelleys Dnsmasq Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | 7.5 |
2005-05-02 | CVE-2005-0868 | Bosanova IBM Mochasoft Powerterm | Remote Security vulnerability in Client Access AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC. | 7.5 |
2005-05-02 | CVE-2005-0865 | Securecomputing | Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2 Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi. | 7.5 |
2005-05-02 | CVE-2005-0862 | Phpopenchat | Remote File Include vulnerability in PHPopenchat 2.3.4/3.0.1 Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php. | 7.5 |
2005-05-02 | CVE-2005-0861 | Delegate | Unspecified vulnerability in Delegate Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays." | 7.5 |
2005-05-02 | CVE-2005-0860 | THE Rusted Gate | Remote File Include vulnerability in the Rusted Gate TRG News 3.0 PHP remote file inclusion vulnerability in TRG News Script 3.0 allows remote attackers to execute arbitrary PHP code via the dir parameter to (1) article.php, (2) authorall.php, (3) comment.php, (4) display.php, or (5) displayall.php. | 7.5 |
2005-05-02 | CVE-2005-0859 | Czaries Network | Remote File Include vulnerability in Czaries Network Czarnews 1.13B PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. | 7.5 |
2005-05-02 | CVE-2005-0858 | Coolforum | Cross-Site Scripting And SQL Injection vulnerability in CoolForum Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php. | 7.5 |
2005-05-02 | CVE-2005-0856 | Coolforum | SQL-Injection vulnerability in CoolForum CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate SQL commands via certain requests to (1) alert.php or (2) viewip.php, possibly due to a SQL injection vulnerability. | 7.5 |
2005-05-02 | CVE-2005-0854 | Betaparticle | Remote vulnerability in Betaparticle Blog 2.0/3.0 betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp. | 7.5 |
2005-05-02 | CVE-2005-0841 | Phpmyfamily | SQL Injection vulnerability in PHPmyfamily 1.4 SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrated via (1) the person parameter to people.php or (2) the Login field. | 7.5 |
2005-05-02 | CVE-2005-0838 | Icecast | Multiple vulnerability in Icecast 2.20 Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag. | 7.5 |
2005-05-02 | CVE-2005-0833 | Belkin | Multiple vulnerability in Belkin 54G Wireless Router F5D7130 Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication. | 7.5 |
2005-05-02 | CVE-2005-0830 | Xzabite | Unspecified vulnerability in Xzabite Dyndnsupdate 0.6.15 Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors. | 7.5 |
2005-05-02 | CVE-2005-0825 | Lgames | Unspecified vulnerability in Lgames Ltris 1.0.9 Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file. | 7.5 |
2005-05-02 | CVE-2005-0821 | Citrix | Multiple vulnerability in Citrix MetaFrame Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | 7.5 |
2005-05-02 | CVE-2005-0810 | Notify Technology | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL. | 7.5 |
2005-05-02 | CVE-2005-0809 | Notify Technology | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. | 7.5 |
2005-05-02 | CVE-2005-0807 | Oxid | Remote Heap Buffer Overflow vulnerability in Massimiliano Montoro Cain & Abel PSK Sniffer Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters. | 7.5 |
2005-05-02 | CVE-2005-0805 | Subdreamer | SQL Injection vulnerability in Subdreamer Light 1.0 SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php. | 7.5 |
2005-05-02 | CVE-2005-0800 | Mcnews | Unspecified vulnerability in Mcnews PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720. | 7.5 |
2005-05-02 | CVE-2005-0781 | PHP Arena | SQL Injection And Cross-Site Scripting vulnerability in PAFileDB SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. | 7.5 |
2005-05-02 | CVE-2005-0775 | Photopost | Remote vulnerability in Photopost PHP PRO 5.0Rc3 The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | 7.5 |
2005-05-02 | CVE-2005-0769 | Openslp | Buffer Overflow vulnerability in OpenSLP Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets. | 7.5 |
2005-05-02 | CVE-2005-0764 | Marc Lehmann | Unspecified vulnerability in Marc Lehmann Rxvt-Unicode Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences. | 7.5 |
2005-05-02 | CVE-2005-0762 | Imagemagick | Unspecified vulnerability in Imagemagick Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file. | 7.5 |
2005-05-02 | CVE-2005-0743 | Xoops | Remote Arbitrary PHP File Upload vulnerability in Xoops Custom Avatar The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered. | 7.5 |
2005-05-02 | CVE-2005-0737 | Yahoo | Remote Buffer Overflow vulnerability in Yahoo! Messenger Offline Mode Status Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. | 7.5 |
2005-05-02 | CVE-2005-0729 | Techland | Remote Security vulnerability in XPand Rally 1.0/1.1 Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message. | 7.5 |
2005-05-02 | CVE-2005-0726 | Ubbcentral | SQL-Injection vulnerability in Ubbcentral Ubb.Threads 6.0 SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter. | 7.5 |
2005-05-02 | CVE-2005-0721 | Gamearena | Remote Security vulnerability in Experience2 PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-0706 | Grip | Matches Buffer Overflow vulnerability in Grip CDDB Response Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. | 7.5 |
2005-05-02 | CVE-2005-0679 | Stadtaus | Code Injection vulnerability in Stadtaus Tell A Friend Script PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-0678 | Stadtaus | Remote Security vulnerability in Form Mail Script PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-0672 | Ca3De | Remote vulnerability in Ca3DE Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. | 7.5 |
2005-05-02 | CVE-2005-0669 | Coinsoft Technologies | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module. | 7.5 |
2005-05-02 | CVE-2005-0663 | Mercuryboard | SQL-Injection vulnerability in Mercuryboard 1.1.2 SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. | 7.5 |
2005-05-02 | CVE-2005-0661 | Woltlab | SQL-Injection vulnerability in Burning Board SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie. | 7.5 |
2005-05-02 | CVE-2005-0658 | CMW Linklist | SQL-Injection vulnerability in Cmw Linklist SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. | 7.5 |
2005-05-02 | CVE-2005-0651 | Projectbb | SQL Injection vulnerability in Projectbb 0.4.5.1 Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section. | 7.5 |
2005-05-02 | CVE-2005-0646 | PHP Arena | SQL-Injection vulnerability in PHP Arena Panews 2.0.4B SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | 7.5 |
2005-05-02 | CVE-2005-0644 | Mcafee | Buffer Overflow/Directory Traversal vulnerability in Mcafee Antivirus Engine 4.3.20 Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. | 7.5 |
2005-05-02 | CVE-2005-0643 | Mcafee | Buffer Overflow/Directory Traversal vulnerability in Mcafee Antivirus Engine 4.3.20 Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. | 7.5 |
2005-05-02 | CVE-2005-0642 | Broadcom | Unspecified vulnerability in Broadcom Unicenter Asset Management 4.0 SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. | 7.5 |
2005-05-02 | CVE-2005-0634 | Kmint21 Software | Remote Buffer Overflow vulnerability in Kmint21 Software Golden FTP Server 1.92 Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command. | 7.5 |
2005-05-02 | CVE-2005-0617 | Postnuke Software Foundation | SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2 SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. | 7.5 |
2005-05-02 | CVE-2005-0615 | Postnuke Software Foundation | SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.760Rc2 Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. | 7.5 |
2005-05-02 | CVE-2005-0614 | Phpbb Group | Remote Security vulnerability in phpBB sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | 7.5 |
2005-05-02 | CVE-2005-0612 | Cisco | Remote Default Community String vulnerability in Cisco IP/VC Videoconferencing System SNMP Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration. | 7.5 |
2005-05-02 | CVE-2005-0601 | Cisco | Remote vulnerability in Cisco Application and Content Networking System Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, 5.1, or 5.2 use a default password when the setup dialog has not been run, which allows remote attackers to gain access. | 7.5 |
2005-05-02 | CVE-2005-0595 | Working Resources INC | Remote Buffer Overflow vulnerability in Working Resources Inc. Badblue 2.55 Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter. | 7.5 |
2005-05-02 | CVE-2005-0575 | Stormy Studios | Remote Buffer Overflow vulnerability in Stormy Studios KNet Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. | 7.5 |
2005-05-02 | CVE-2005-0569 | Punbb | Remote Input Validation vulnerability in Punbb 1.2.1 Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php. | 7.5 |
2005-05-02 | CVE-2005-0567 | Phpmyadmin | Local File Include vulnerability in PHPmyadmin 2.6.1 Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-0565 | Phpwebsite | Remote Security vulnerability in Phpwebsite The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension. | 7.5 |
2005-05-02 | CVE-2005-0560 | Microsoft | Out-Of-Bounds Write vulnerability in Microsoft Exchange Server 2000/2003 Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. | 7.5 |
2005-05-02 | CVE-2005-0554 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." | 7.5 |
2005-05-02 | CVE-2005-0546 | Cyrus | Remote Buffer Overflow vulnerability in Cyrus IMAPD Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd. | 7.5 |
2005-05-02 | CVE-2005-0541 | Cyclades | Remote Security vulnerability in Cyclades Alterpath Manager 1.2.1 consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter. | 7.5 |
2005-05-02 | CVE-2005-0533 | Trend Micro | Heap Overflow vulnerability in Trend Micro VSAPI ARJ Handling Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. | 7.5 |
2005-05-02 | CVE-2005-0523 | Prozilla | Remote Client-Side Format String vulnerability in ProZilla Initial Server Response Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. | 7.5 |
2005-05-02 | CVE-2005-0501 | Digipen Institute OF Technology | Remote Nickname Buffer Overrun vulnerability in Digipen Institute of Technology Bontago 1.1 Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname. | 7.5 |
2005-05-02 | CVE-2005-0498 | Gigafast Ethernet | Information Disclosure vulnerability in Gigafast Router Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext. | 7.5 |
2005-05-02 | CVE-2005-0469 | Ncsa | Remote Buffer Overflow vulnerability in Multiple Vendor Telnet Client LINEMODE Sub-Options Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. | 7.5 |
2005-05-02 | CVE-2005-0468 | Ncsa | Buffer Overflow vulnerability in Ncsa Telnet C Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated. | 7.5 |
2005-05-02 | CVE-2005-0463 | INL | SQL Injection vulnerability in INL Ulog-PHP 0.8/0.8.1/0.8.2 Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php. | 7.5 |
2005-05-02 | CVE-2005-0454 | Codeworx Technologies | SQL Injection vulnerability in DCP-Portal Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php. | 7.5 |
2005-05-02 | CVE-2005-0440 | Stefan Ritt | Remote vulnerability in ELOG Web Logbook ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL. | 7.5 |
2005-05-02 | CVE-2005-0439 | Stefan Ritt | Remote vulnerability in ELOG Web Logbook Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names. | 7.5 |
2005-05-02 | CVE-2005-0437 | Awstats | Directory Traversal vulnerability in Awstats 6.3/6.4 Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. | 7.5 |
2005-05-02 | CVE-2005-0436 | Awstats | Remote Security vulnerability in Awstats 6.3/6.4 Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. | 7.5 |
2005-05-02 | CVE-2005-0431 | Barracuda Networks | Remote Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.10 Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam. | 7.5 |
2005-05-02 | CVE-2005-0418 | SUN | Unspecified vulnerability in SUN J2Se Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. | 7.5 |
2005-05-02 | CVE-2005-0397 | Imagemagick | Unspecified vulnerability in Imagemagick Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications. | 7.5 |
2005-05-02 | CVE-2005-0388 | Remstats | Unspecified vulnerability in Remstats 1.0.13 Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising." | 7.5 |
2005-05-02 | CVE-2005-0383 | Trend Micro | Remote Security vulnerability in Trend Micro Control Manager 3.0Enterprise Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password. | 7.5 |
2005-05-02 | CVE-2005-0380 | Zeroboard | Remote File Include vulnerability in Zeroboard DIR Parameter Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-05-02 | CVE-2005-0377 | Sergey Kiselev | SQL Injection vulnerability in Sergey Kiselev Sgallery 1.01 SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters. | 7.5 |
2005-05-02 | CVE-2005-0368 | Chipmunk Scripts | SQL Injection vulnerability in CMScore Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php. | 7.5 |
2005-05-02 | CVE-2005-0363 | Awstats | Unspecified vulnerability in Awstats 4.0/6.2 awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | 7.5 |
2005-05-02 | CVE-2005-0350 | F Secure | Remote Security vulnerability in F-Secure Anti-Virus Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive. | 7.5 |
2005-05-02 | CVE-2005-0349 | Broadcom | Unspecified vulnerability in Broadcom Brightstor Arcserve Backup 11.1 The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands. | 7.5 |
2005-05-02 | CVE-2005-0343 | Logicnow | SQL Injection vulnerability in Logicnow Perldesk 1.0 SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter. | 7.5 |
2005-05-02 | CVE-2005-0338 | Savant | Remote Buffer Overflow vulnerability in Savant Webserver 3.1 Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request. | 7.5 |
2005-05-02 | CVE-2005-0337 | Wietse Venema Redhat Suse | Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. | 7.5 |
2005-05-02 | CVE-2005-0332 | Ventia | Remote Directory Traversal vulnerability in Ventia DeskNow Mail And Collaboration Server 2.5.12/2.5.13 Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do. | 7.5 |
2005-05-02 | CVE-2005-0327 | PHP Arena | Remote Security vulnerability in PHP Arena Pafiledb 3.1 pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php. | 7.5 |
2005-05-02 | CVE-2005-0305 | Siteman | Privilege Escalation vulnerability in Siteman User Database CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation. | 7.5 |
2005-05-02 | CVE-2005-0302 | Comersus Open Technologies | SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | 7.5 |
2005-05-02 | CVE-2005-0301 | Comersus Open Technologies | Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | 7.5 |
2005-05-02 | CVE-2005-0282 | Mybulletinboard | SQL Injection vulnerability in Mybulletinboard 1.0Rc4 SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 7.5 |
2005-05-02 | CVE-2005-0273 | Photopost | Input Validation vulnerability in All Enthusiast PhotoPost Classifieds Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter. | 7.5 |
2005-05-02 | CVE-2005-0272 | Photopost | Remote Security vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5 ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions. | 7.5 |
2005-05-02 | CVE-2005-0267 | Flatnuke | Unspecified vulnerability in Flatnuke 2.5.1 index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | 7.5 |
2005-05-02 | CVE-2005-0265 | OWL | Cross-Site Scripting and SQL Injection vulnerability in OWL Intranet Engine 0.7/0.8 Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter. | 7.5 |
2005-05-02 | CVE-2005-0248 | SUN | Unspecified vulnerability in SUN Solaris and Sunos The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. | 7.5 |
2005-05-02 | CVE-2005-0239 | Squirrelmail | Unspecified vulnerability in Squirrelmail S Mime Plugin 0.4/0.5 viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter. | 7.5 |
2005-05-02 | CVE-2005-0217 | Invision Power Services | SQL Injection vulnerability in Invision Power Services Invision Community Blog 1.0 SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter. | 7.5 |
2005-05-02 | CVE-2005-0211 | Squid Cache Debian | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. | 7.5 |
2005-05-02 | CVE-2005-0200 | Tiki | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | 7.5 |
2005-05-02 | CVE-2005-0198 | University OF Washington | Remote Authentication Bypass vulnerability in University Of Washington IMAP Server CRAM-MD5 A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users. | 7.5 |
2005-05-02 | CVE-2005-0187 | Athoc | Remote Code Execution vulnerability in AtHoc ToolBar Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name. | 7.5 |
2005-05-02 | CVE-2005-0185 | Mnet Soft Factory | Buffer Overflow vulnerability in Mnet Soft Factory Nodemanager Professional 2.00 Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field. | 7.5 |
2005-05-02 | CVE-2005-0173 | Squid | Authentication Bypass vulnerability in Squid Proxy squid_ldap_auth squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server. | 7.5 |
2005-05-02 | CVE-2005-0158 | Bidwatcher | Unspecified vulnerability in Bidwatcher Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses. | 7.5 |
2005-05-02 | CVE-2005-0147 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | 7.5 |
2005-05-02 | CVE-2005-0140 | Peid | Remote Buffer Overflow vulnerability in Peid 0.92 Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name. | 7.5 |
2005-05-02 | CVE-2005-0126 | Apple | Remote Buffer Overflow vulnerability in Apple ColorSync ICC Header ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. | 7.5 |
2005-05-02 | CVE-2005-0088 | Apache | Information Disclosure vulnerability in Apache mod_python Module Publisher Handler The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL. | 7.5 |
2005-05-02 | CVE-2005-0086 | Redhat | Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale. | 7.5 |
2005-05-02 | CVE-2005-0064 | Xpdf | Unspecified vulnerability in Xpdf Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. | 7.5 |
2005-05-02 | CVE-2005-0063 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows Shell The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. | 7.5 |
2005-05-02 | CVE-2005-0057 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows Hyperlink Object Library The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow. | 7.5 |
2005-05-02 | CVE-2005-0055 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | 7.5 |
2005-05-02 | CVE-2005-0053 | Microsoft | Unspecified vulnerability in Microsoft products Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | 7.5 |
2005-05-02 | CVE-2005-0051 | Microsoft | Remote Information Disclosure vulnerability in Microsoft Windows Named Pipe The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability." | 7.5 |
2005-05-02 | CVE-2005-0048 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000 and Windows XP Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability." | 7.5 |
2005-05-02 | CVE-2005-0045 | Microsoft | Remote Buffer Overflow vulnerability in Microsoft Windows Server Message Block Handlers The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields. | 7.5 |
2005-05-02 | CVE-2005-0044 | Microsoft | Unspecified vulnerability in Microsoft products The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | 7.5 |
2005-05-02 | CVE-2005-0043 | Apple | Buffer Overflow vulnerability in Apple Itunes 4.7 Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. | 7.5 |
2005-05-02 | CVE-2005-0015 | Crosswire Bible Society | Unspecified vulnerability in Crosswire Bible Society Sword 1.5.7A diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 7.5 |
2005-05-02 | CVE-2005-0014 | Ncpfs | Remote vulnerability in NCPFS Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client. | 7.5 |
2005-05-02 | CVE-2005-0012 | Dillo | Unspecified vulnerability in Dillo web Browser Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page. | 7.5 |
2005-05-02 | CVE-2005-0005 | Graphicsmagick Imagemagick SGI Debian Gentoo Suse | Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. | 7.5 |
2005-05-04 | CVE-2005-1335 | Apple | Local Security vulnerability in Mac OS X Server Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner." | 7.2 |
2005-05-04 | CVE-2005-0594 | Apple | Unspecified vulnerability in Apple mac OS X Server 10.3.9 Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code. | 7.2 |
2005-05-03 | CVE-2005-1394 | Esri | Unspecified vulnerability in Esri Arcgis and Arcinfo Workstation Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. | 7.2 |
2005-05-03 | CVE-2005-1387 | Kristofer Szymanski | Unspecified vulnerability in Kristofer Szymanski Cocktail 3.5.4 Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes. | 7.2 |
2005-05-03 | CVE-2005-1371 | Bulletproof | Local Privilege Escalation vulnerability in Bulletproof FTP Server 2.4.0.31 BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges. | 7.2 |
2005-05-03 | CVE-2005-1343 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. | 7.2 |
2005-05-02 | CVE-2005-1092 | Light Speed Technology | Local Authentication Credentials Disclosure vulnerability in Light Speed Technologies DeluxeFTP Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | 7.2 |
2005-05-02 | CVE-2005-1088 | Dameware Development | Privilege Escalation vulnerability in Dameware Development Mini Remote Control and NT Utilities Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights. | 7.2 |
2005-05-02 | CVE-2005-1040 | Novell | Unspecified vulnerability in Novell Linux Desktop 9 Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." | 7.2 |
2005-05-02 | CVE-2005-1019 | Aeon | Local Security vulnerability in Aeon Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable. | 7.2 |
2005-05-02 | CVE-2005-0867 | Linux | Unspecified vulnerability in Linux Kernel 2.6.0 Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file. | 7.2 |
2005-05-02 | CVE-2005-0816 | SUN | Local Buffer Overflow vulnerability in Sun Solaris NewGRP Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. | 7.2 |
2005-05-02 | CVE-2005-0707 | Ipswitch | Buffer Overflow vulnerability in Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. | 7.2 |
2005-05-02 | CVE-2005-0545 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000 and Windows XP Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. | 7.2 |
2005-05-02 | CVE-2005-0497 | ADP | Local Security vulnerability in Elite System Max 9000 ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory. | 7.2 |
2005-05-02 | CVE-2005-0457 | Opera | Uncontrolled Search Path Element vulnerability in Opera Browser Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. | 7.2 |
2005-05-02 | CVE-2005-0322 | Icewarp Merak | Local Security vulnerability in Mail Server MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords. | 7.2 |
2005-05-02 | CVE-2005-0263 | IBM | Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3 Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument. | 7.2 |
2005-05-02 | CVE-2005-0262 | IBM | Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3 Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. | 7.2 |
2005-05-02 | CVE-2005-0250 | IBM | Local Format String vulnerability in IBM AIX 5.1/5.2/5.3 Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. | 7.2 |
2005-05-02 | CVE-2005-0240 | IBM | Unspecified vulnerability in IBM AIX 5.2 Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message. | 7.2 |
2005-05-02 | CVE-2005-0183 | Squirrelmail | Unspecified vulnerability in Squirrelmail Vacation Plugin ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument. | 7.2 |
2005-05-02 | CVE-2005-0091 | Redhat | Multiple vulnerability in Red Hat Enterprise Linux Kernel Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls. | 7.2 |
2005-05-02 | CVE-2005-0076 | Debian | Unspecified vulnerability in Debian Linux 3.0 Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. | 7.2 |
2005-05-02 | CVE-2005-0070 | Synaesthesia | Local File Disclosure vulnerability in Synaesthesia Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files. | 7.2 |
2005-05-02 | CVE-2005-0061 | Microsoft | Unspecified vulnerability in Microsoft products The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. | 7.2 |
2005-05-02 | CVE-2005-0060 | Microsoft | Unspecified vulnerability in Microsoft products Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. | 7.2 |
2005-05-02 | CVE-2005-0047 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | 7.2 |
2005-05-02 | CVE-2005-0021 | University OF Cambridge | Unspecified vulnerability in University of Cambridge Exim 4.41/4.42 Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function. | 7.2 |
2005-05-02 | CVE-2005-0013 | Ncpfs | Remote vulnerability in NCPFS nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges. | 7.2 |
2005-05-02 | CVE-2005-1021 | Cisco | Resource Management Errors vulnerability in Cisco IOS Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. | 7.1 |
2005-05-02 | CVE-2005-1020 | Cisco | Improper Authentication vulnerability in Cisco IOS Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | 7.1 |
2005-05-02 | CVE-2005-0449 | Linux | Improper Input Validation vulnerability in Linux Kernel The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | 7.1 |
453 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-02 | CVE-2005-0001 | Linux Redhat Trustix | Local Privilege Escalation vulnerability in Linux Kernel Symmetrical Multiprocessing Page Fault Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. | 6.9 |
2005-05-03 | CVE-2005-1448 | S9Y | HTML Injection vulnerability in S9Y Serendipity BBCode Plugin Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 6.8 |
2005-05-03 | CVE-2005-1444 | Sitepanel | Cross-Site Scripting vulnerability in Sitepanel Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php. | 6.8 |
2005-05-03 | CVE-2005-1443 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. | 6.8 |
2005-05-03 | CVE-2005-1440 | Codetosell | Cross-Site Scripting and HTML Injection vulnerability in Codetosell Viart Shop Enterprise 2.1.6 Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php. | 6.8 |
2005-05-03 | CVE-2005-1436 | Osticket | Cross-Site Scripting vulnerability in Osticket 1.2.7/1.3.0 Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. | 6.8 |
2005-05-03 | CVE-2005-1403 | Just Williams | Cross-Site Scripting vulnerability in Just William's Amazon Webstore Closeup.PHP Image Parameter Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie. | 6.8 |
2005-05-03 | CVE-2005-1381 | Oracle | Cross-Site Scripting vulnerability in Oracle Application Server 9i Webcache Cache_dump_file Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter. | 6.8 |
2005-05-03 | CVE-2005-1380 | BEA | Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1 Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action. | 6.8 |
2005-05-03 | CVE-2005-1374 | Claroline | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. | 6.8 |
2005-05-02 | CVE-2005-1202 | Egroupware | Cross-Site Scripting and SQL Injection vulnerability in eGroupWare Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter. | 6.8 |
2005-05-02 | CVE-2005-1186 | Musicmatch | Cross-Site Scripting vulnerability in Jukebox Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks. | 6.8 |
2005-05-02 | CVE-2005-1102 | Wordpress | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. | 6.8 |
2005-05-02 | CVE-2005-1051 | Punbb | SQL Injection vulnerability in PunBB Profile.PHP SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action. | 6.5 |
2005-05-02 | CVE-2005-0247 | Postgresql | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Postgresql Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245. | 6.5 |
2005-05-02 | CVE-2005-0244 | Postgresql | Permissions, Privileges, and Access Controls vulnerability in Postgresql PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. | 6.5 |
2005-05-03 | CVE-2005-1445 | Sitepanel | Directory Traversal vulnerability in Sitepanel Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php. | 6.4 |
2005-05-03 | CVE-2005-1423 | Software602 | Denial-Of-Service vulnerability in Software602 602Lan Suite 2004.0.05.0413 Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. | 6.4 |
2005-05-02 | CVE-2005-1201 | Azbb | Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. | 6.4 |
2005-05-02 | CVE-2005-1163 | Yager Development | Buffer Overflow vulnerability in Yager Development Yager Game 5.0/5.20/5.24 Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data. | 6.4 |
2005-05-02 | CVE-2005-1090 | Maxthon | Directory Traversal vulnerability in Maxthon 1.2.0/1.2.1 Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files. | 6.4 |
2005-05-02 | CVE-2005-1086 | AN | Remote Buffer Overflow vulnerability in AN An-Httpd 1.42N Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header. | 6.4 |
2005-05-02 | CVE-2005-0966 | ROB Flynn | Unspecified vulnerability in ROB Flynn Gaim 1.2.0 The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions. | 6.4 |
2005-05-02 | CVE-2005-0815 | Linux | ISO9660 Filesystem Handling vulnerability in Linux Kernel Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | 6.4 |
2005-05-02 | CVE-2005-0657 | Computalynx | Denial-Of-Service vulnerability in Computalynx Cproxy 3.3/3.4/3.4.4 Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. | 6.4 |
2005-05-02 | CVE-2005-0618 | Nexland Symantec | The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network. | 6.4 |
2005-05-02 | CVE-2005-0602 | Info ZIP | Privilege Escalation vulnerability in Info-Zip Unzip 5.50 Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | 6.2 |
2005-05-02 | CVE-2005-0197 | Cisco | Configuration vulnerability in Cisco IOS Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. | 6.1 |
2005-05-02 | CVE-2005-0824 | Mathopd | Link Following vulnerability in Mathopd The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal. | 5.5 |
2005-05-04 | CVE-2005-1341 | Apple | Multiple vulnerability in Apple Mac OS X Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. | 5.1 |
2005-05-04 | CVE-2005-1331 | Apple | Multiple vulnerability in Apple Mac OS X The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. | 5.1 |
2005-05-02 | CVE-2005-1160 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. | 5.1 |
2005-05-02 | CVE-2005-1125 | Avaya | Unspecified vulnerability in Avaya Libsafe Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. | 5.1 |
2005-05-02 | CVE-2005-0941 | Openoffice | Remote Heap Overflow vulnerability in OpenOffice Malformed Document The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. | 5.1 |
2005-05-02 | CVE-2005-0926 | Sylpheed | Unspecified vulnerability in Sylpheed Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. | 5.1 |
2005-05-02 | CVE-2005-0665 | John Bradley | Unspecified vulnerability in John Bradley XV 3.10A Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. | 5.1 |
2005-05-02 | CVE-2005-0611 | Realnetworks | Unspecified vulnerability in Realnetworks Helix Player, Realone Player and Realplayer Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files. | 5.1 |
2005-05-02 | CVE-2005-0577 | DNA | Remote Security vulnerability in mkbold-mkitalic Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files. | 5.1 |
2005-05-02 | CVE-2005-0558 | Microsoft | Unspecified vulnerability in Microsoft Word 2000/2002/2003 Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. | 5.1 |
2005-05-02 | CVE-2005-0553 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". | 5.1 |
2005-05-02 | CVE-2005-0527 | Mozilla | Unspecified vulnerability in Mozilla Firefox 1.0 Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling." | 5.1 |
2005-05-02 | CVE-2005-0455 | Realnetworks | Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value. | 5.1 |
2005-05-02 | CVE-2005-0401 | Mozilla | Remote Insecure XUL Start Up Script Loading vulnerability in Mozilla Browser FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | 5.1 |
2005-05-02 | CVE-2005-0399 | Mozilla | Remote Heap Overflow vulnerability in Mozilla Firefox, Mozilla and Thunderbird Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. | 5.1 |
2005-05-02 | CVE-2005-0347 | Realnetworks | Remote Security vulnerability in RealArcade Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow. | 5.1 |
2005-05-02 | CVE-2005-0230 | Mozilla | Unspecified vulnerability in Mozilla Firefox 1.0 Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging." | 5.1 |
2005-05-02 | CVE-2005-0056 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | 5.1 |
2005-05-02 | CVE-2005-0054 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | 5.1 |
2005-05-02 | CVE-2005-0035 | Adobe | Information Disclosure vulnerability in Adobe Acrobat Reader ActiveX Control LoadFile The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method. | 5.1 |
2005-05-05 | CVE-2005-1453 | Leafnode | Unspecified vulnerability in Leafnode fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers. | 5.0 |
2005-05-04 | CVE-2005-1333 | Apple | Directory Traversal vulnerability in Apple mac OS X 10.3.9 Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files. | 5.0 |
2005-05-03 | CVE-2005-1441 | IBM | Remote Procedure Call Remote Format String vulnerability in IBM Lotus Domino Server Notes Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). | 5.0 |
2005-05-03 | CVE-2005-1431 | GNU | Denial of Service vulnerability in GNUTLS Padding The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | 5.0 |
2005-05-03 | CVE-2005-1426 | Uapplication | Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb). | 5.0 |
2005-05-03 | CVE-2005-1425 | Uapplication | Permissions, Privileges, and Access Controls vulnerability in Uapplication Uguestbook 1.0 Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb. | 5.0 |
2005-05-03 | CVE-2005-1421 | Raysoft | Directory Traversal vulnerability in Raysoft Video CAM Server 1.0.0Beta Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request. | 5.0 |
2005-05-03 | CVE-2005-1420 | Raysoft | Remote Security vulnerability in Raysoft Video CAM Server 1.0.0Beta Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space). | 5.0 |
2005-05-03 | CVE-2005-1416 | Soft3304 | Unspecified vulnerability in Soft3304 04Webserver 1.81 Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder. | 5.0 |
2005-05-03 | CVE-2005-1404 | Myphp Forum | Unspecified vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0 MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php. | 5.0 |
2005-05-03 | CVE-2005-1402 | MTP Target | Unspecified vulnerability in Mtp-Target Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison. | 5.0 |
2005-05-03 | CVE-2005-1398 | Phpcart | Improper Input Validation vulnerability in PHPcart 3.2/3.4/4.6.4 phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. | 5.0 |
2005-05-03 | CVE-2005-1386 | Francisco Burzi | Information Disclosure vulnerability in PHP-Nuke PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message. | 5.0 |
2005-05-03 | CVE-2005-1382 | Oracle | File Corruption vulnerability in Oracle Application Server 9i Webcache Arbitrary The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter. | 5.0 |
2005-05-02 | CVE-2005-1357 | Text CGI | Remote Security vulnerability in Text.Cgi text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | 5.0 |
2005-05-02 | CVE-2005-1355 | Includer CGI | Remote Security vulnerability in Includer.Cgi 1.1 includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801. | 5.0 |
2005-05-02 | CVE-2005-1353 | Forum PL | Remote Security vulnerability in Forum.Pl The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. | 5.0 |
2005-05-02 | CVE-2005-1350 | Leif M Wright | Remote Security vulnerability in ad.cgi The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | 5.0 |
2005-05-02 | CVE-2005-1326 | Voodoo Circle | Denial-Of-Service vulnerability in Voodoo Circle Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet. | 5.0 |
2005-05-02 | CVE-2005-1325 | Matthieu Aubry | Unspecified vulnerability in Matthieu Aubry PHPmyvisites 1.3 set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter. | 5.0 |
2005-05-02 | CVE-2005-1305 | Hyper CGI | Remote Security vulnerability in Hyper.Cgi The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | 5.0 |
2005-05-02 | CVE-2005-1280 | LBL | Denial Of Service vulnerability in tcpdump RSVP Decoding Routines The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | 5.0 |
2005-05-02 | CVE-2005-1279 | LBL | Denial Of Service vulnerability in tcpdump LDP Decoding Routines tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. | 5.0 |
2005-05-02 | CVE-2005-1278 | LBL | Denial Of Service vulnerability in tcpdump ISIS Decoding Routines The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. | 5.0 |
2005-05-02 | CVE-2005-1243 | Safestone Technologies | Directory Traversal vulnerability in Axcessit Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1242 | Bsafe | Directory Traversal vulnerability in Global Security Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1239 | RAZ LEE | Unspecified vulnerability in Raz-Lee Security+++ Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1235 | Phpbb Group | Information Disclosure vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1234 | Phpbb Group | SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. | 5.0 |
2005-05-02 | CVE-2005-1230 | Magnus Lundvall | Directory Traversal vulnerability in Magnus Lundvall Yawcam 0.2.5 Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1228 | GNU | Multiple Security vulnerability in Apple Mac OS X Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. | 5.0 |
2005-05-02 | CVE-2005-1204 | Nelso Software | Denial-Of-Service vulnerability in Desktop Rover Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access. | 5.0 |
2005-05-02 | CVE-2005-1198 | Anaconda Partners | Directory Traversal vulnerability in Foundation Directory Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter. | 5.0 |
2005-05-02 | CVE-2005-1192 | HP | Remote Denial Of Service vulnerability in HP-UX ICMP PMTUD Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. | 5.0 |
2005-05-02 | CVE-2005-1191 | Microsoft | Unspecified vulnerability in Microsoft products The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file. | 5.0 |
2005-05-02 | CVE-2005-1190 | Webcamxp | Denial-Of-Service vulnerability in Webcamxp Pro WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered. | 5.0 |
2005-05-02 | CVE-2005-1184 | Microsoft | Denial Of Service vulnerability in Multiple Vendor TCP Session Acknowledgement Number The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. | 5.0 |
2005-05-02 | CVE-2005-1182 | IBM | Denial-Of-Service vulnerability in IBM OS 400 R510/R520/R530 Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. | 5.0 |
2005-05-02 | CVE-2005-1180 | Francisco Burzi | Remote Security vulnerability in Francisco Burzi PHP-Nuke 7.6 HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. | 5.0 |
2005-05-02 | CVE-2005-1179 | Xerox | SNMP Authentication Bypass vulnerability in Xerox MicroServer Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703. | 5.0 |
2005-05-02 | CVE-2005-1168 | Musicmatch | Unspecified vulnerability in Musicmatch Jukebox 9.0.5059 DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. | 5.0 |
2005-05-02 | CVE-2005-1165 | Yager Development | Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data. | 5.0 |
2005-05-02 | CVE-2005-1164 | Yager Development | Denial Of Service vulnerability in Yager Development Yager Game 5.0/5.20/5.24 Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length. | 5.0 |
2005-05-02 | CVE-2005-1158 | Mozilla | Unspecified vulnerability in Mozilla Firefox Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | 5.0 |
2005-05-02 | CVE-2005-1150 | SUN | Denial-Of-Service vulnerability in SUN Java System web Server 6.0 Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). | 5.0 |
2005-05-02 | CVE-2005-1148 | Calendarscript | Information Disclosure vulnerability in Calendarscript 3.20/3.21 calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. | 5.0 |
2005-05-02 | CVE-2005-1137 | Alexander Palmo | Information Disclosure vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1133 | IBM | Remote Information Disclosure vulnerability in IBM iSeries AS400 POP3 Server The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | 5.0 |
2005-05-02 | CVE-2005-1132 | LG Electronics | Remote Denial Of Service vulnerability in LG Electronics LG Mobile Phone U8120 LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | 5.0 |
2005-05-02 | CVE-2005-1127 | Postgrey | Unspecified vulnerability in Postgrey 1.17/1.18 Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. | 5.0 |
2005-05-02 | CVE-2005-1123 | Monkey Project | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Monkey-Project Monkey Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. | 5.0 |
2005-05-02 | CVE-2005-1121 | Igor Khasilev Gentoo | Remote Format String vulnerability in Oops! Proxy Server Auth Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | 5.0 |
2005-05-02 | CVE-2005-1112 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | 5.0 |
2005-05-02 | CVE-2005-1108 | Junkbuster | Unspecified vulnerability in Junkbuster Internet Junkbuster 2.0.2R2 The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. | 5.0 |
2005-05-02 | CVE-2005-1106 | Apple | Denial-Of-Service vulnerability in Apple Quicktime Pictureviewer 6.5.2 PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. | 5.0 |
2005-05-02 | CVE-2005-1105 | SUN | Unspecified vulnerability in SUN Javamail 1.3.2 Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-1083 | Aewebworks | Unspecified vulnerability in Aewebworks Aedating 3.2 index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter. | 5.0 |
2005-05-02 | CVE-2005-1080 | SUN | Directory Traversal vulnerability in Sun J2SE Software Development Kit Java Archive Tool Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-1073 | Radscripts | Multiple vulnerability in Radscripts Radbids 2 Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter. | 5.0 |
2005-05-02 | CVE-2005-1061 | Logwatch Redhat | The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." | 5.0 |
2005-05-02 | CVE-2005-1060 | Novell | Remote Denial Of Service vulnerability in Novell Netware 6.0/6.5 Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. | 5.0 |
2005-05-02 | CVE-2005-1056 | HP | Remote Denial of Service vulnerability in HP OpenView Network Node Manager Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. | 5.0 |
2005-05-02 | CVE-2005-1052 | Microsoft | Unspecified vulnerability in Microsoft Outlook and Outlook web Access Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. | 5.0 |
2005-05-02 | CVE-2005-1050 | Postnuke Software Foundation | Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1034 | Netwin | Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1 SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | 5.0 |
2005-05-02 | CVE-2005-1033 | Devellion | Unspecified vulnerability in Devellion Cubecart 2.0.6 CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1031 | E Xoops Runcms | Remote Arbitrary File Upload vulnerability in RunCMS RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. | 5.0 |
2005-05-02 | CVE-2005-1028 | Phpnuke | Information Exposure vulnerability in PHPnuke PHP-Nuke PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1025 | IBM | Information Disclosure vulnerability in IBM Iseries AS 400 4.3 The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | 5.0 |
2005-05-02 | CVE-2005-1024 | Francisco Burzi | Unspecified vulnerability in Francisco Burzi PHP-Nuke modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1022 | Macromedia | Unspecified vulnerability in Macromedia Coldfusion 6.1 ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-05-02 | CVE-2005-1013 | Mailenable | Denial Of Service vulnerability in MailEnable SMTP Malformed EHLO Request The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string. | 5.0 |
2005-05-02 | CVE-2005-1007 | Stalker | Unspecified vulnerability in Stalker Communigate PRO 4.3C1/4.3C2 Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages. | 5.0 |
2005-05-02 | CVE-2005-1002 | Logics Software | Unspecified vulnerability in Logics Software Log-Ft logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters. | 5.0 |
2005-05-02 | CVE-2005-1001 | Francisco Burzi | Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 7.6 PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0998 | Francisco Burzi | Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 7.6 The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | 5.0 |
2005-05-02 | CVE-2005-0996 | Francisco Burzi | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6 Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | 5.0 |
2005-05-02 | CVE-2005-0989 | Mozilla Netscape | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | 5.0 |
2005-05-02 | CVE-2005-0987 | IRC Services | Remote Security vulnerability in Nickserv Listlinks Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick. | 5.0 |
2005-05-02 | CVE-2005-0984 | Lucasarts | Buffer Overflow vulnerability in Lucasarts Star Wars Jedi Knight Jedi Academy 1.0.11 Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell. | 5.0 |
2005-05-02 | CVE-2005-0983 | Activision ID Software Lucasarts Raven Software | Denial of Service vulnerability in Quake 3 Engine Message Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. | 5.0 |
2005-05-02 | CVE-2005-0978 | IVT | Directory Traversal vulnerability in IVT Bluesoleil 1.4 Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0976 | Apple Hmdt Omnigroup | AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs. | 5.0 |
2005-05-02 | CVE-2005-0968 | Broadcom | Unspecified vulnerability in Broadcom Etrust Intrusion Detection 3.0 Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | 5.0 |
2005-05-02 | CVE-2005-0967 | ROB Flynn | Remote Denial Of Service vulnerability in ROB Flynn Gaim 1.2.0 Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read. | 5.0 |
2005-05-02 | CVE-2005-0965 | ROB Flynn | Remote Denial Of Service vulnerability in ROB Flynn Gaim 1.2.0 The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read. | 5.0 |
2005-05-02 | CVE-2005-0960 | Openbsd | Remote Denial Of Service vulnerability in Openbsd 3.5/3.6 Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash). | 5.0 |
2005-05-02 | CVE-2005-0954 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer, Windows Explorer and Windows XP Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. | 5.0 |
2005-05-02 | CVE-2005-0952 | PHP Arena | Unspecified vulnerability in PHP Arena Pafiledb 3.1 Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 5.0 |
2005-05-02 | CVE-2005-0938 | Uapplication | Remote Security vulnerability in Ublog Reload Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb. | 5.0 |
2005-05-02 | CVE-2005-0936 | Esmi | Cross-Site Scripting vulnerability in Esmi Paypal Storefront 1.7 Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 5.0 |
2005-05-02 | CVE-2005-0933 | Coinsoft Technologies | Remote vulnerability in PHPcoin 1.2.1/1.2.1B Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. | 5.0 |
2005-05-02 | CVE-2005-0922 | Symantec | Remote Denial Of Service vulnerability in Symantec products Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. | 5.0 |
2005-05-02 | CVE-2005-0895 | Netcomm | Remote Denial of Service vulnerability in Netcomm Nb1300 4.4.1 Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets. | 5.0 |
2005-05-02 | CVE-2005-0880 | Vortex Portal | Information Disclosure vulnerability in Vortex Portal content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0876 | Dnsmasq | Remote vulnerability in Dnsmasq Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. | 5.0 |
2005-05-02 | CVE-2005-0875 | Cerulean Studios | Unspecified vulnerability in Cerulean Studios Trillian 2.0/3.0/3.1 Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | 5.0 |
2005-05-02 | CVE-2005-0874 | Cerulean Studios | Unspecified vulnerability in Cerulean Studios Trillian 2.0 Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | 5.0 |
2005-05-02 | CVE-2005-0871 | Phpbb Group | Information Disclosure vulnerability in PHPbb Group PHPbb 1.0.1 calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. | 5.0 |
2005-05-02 | CVE-2005-0869 | Phpsysinfo | Information Disclosure vulnerability in PHPsysinfo 2.3 phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0864 | Securecomputing | Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2 The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. | 5.0 |
2005-05-02 | CVE-2005-0853 | Betaparticle | Remote vulnerability in Betaparticle Blog 2.0/3.0 betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. | 5.0 |
2005-05-02 | CVE-2005-0851 | Filezilla Project | Infinite Loop vulnerability in Filezilla-Project Filezilla Server FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings. | 5.0 |
2005-05-02 | CVE-2005-0850 | Filezilla Project | Improper Input Validation vulnerability in Filezilla-Project Filezilla Server FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others. | 5.0 |
2005-05-02 | CVE-2005-0849 | Funlabs | Unspecified vulnerability in Funlabs products Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet. | 5.0 |
2005-05-02 | CVE-2005-0848 | Funlabs | Unspecified vulnerability in Funlabs products Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl. | 5.0 |
2005-05-02 | CVE-2005-0847 | Code Ocean | Remote Denial of Service vulnerability in Code Ocean FTP Server 1.0 Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. | 5.0 |
2005-05-02 | CVE-2005-0845 | Netwin | Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. | 5.0 |
2005-05-02 | CVE-2005-0843 | Phorum | Unspecified vulnerability in Phorum 5.0.14A CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header. | 5.0 |
2005-05-02 | CVE-2005-0837 | Icecast | Multiple vulnerability in Icecast XSL Parser IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . | 5.0 |
2005-05-02 | CVE-2005-0835 | Belkin | Multiple vulnerability in Belkin 54G Wireless Router F5D7130 The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2005-05-02 | CVE-2005-0834 | Belkin | Multiple vulnerability in Belkin 54G Wireless Router Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information. | 5.0 |
2005-05-02 | CVE-2005-0831 | PHP Post | Remote Input Validation vulnerability in PHP-Post PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters. | 5.0 |
2005-05-02 | CVE-2005-0826 | Ollydbg | Denial Of Service vulnerability in OllyDbg Library Module Name OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename. | 5.0 |
2005-05-02 | CVE-2005-0820 | Microsoft | Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name. | 5.0 |
2005-05-02 | CVE-2005-0819 | Novell | Unspecified vulnerability in Novell Netware 6.5 The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. | 5.0 |
2005-05-02 | CVE-2005-0817 | Symantec | Unspecified vulnerability in Symantec products Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. | 5.0 |
2005-05-02 | CVE-2005-0814 | Lysator | Unspecified vulnerability in Lysator LSH Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2005-05-02 | CVE-2005-0813 | Initial Redirect | Remote Buffer Overflow vulnerability in Initial Redirect Initial Redirect Squid Proxy Plug-In 0.1/0.2 Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. | 5.0 |
2005-05-02 | CVE-2005-0812 | Notify Technology | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information. | 5.0 |
2005-05-02 | CVE-2005-0808 | Apache | Remote Malformed Request Denial Of Service vulnerability in Apache Tomcat Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | 5.0 |
2005-05-02 | CVE-2005-0806 | Ximian | Unspecified vulnerability in Ximian Evolution 2.0.3 Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames. | 5.0 |
2005-05-02 | CVE-2005-0804 | Mailenable | Remote Format String vulnerability in Mailenable Standard 1.8 Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field. | 5.0 |
2005-05-02 | CVE-2005-0803 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows 2000 The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | 5.0 |
2005-05-02 | CVE-2005-0801 | Includer CGI | Directory Traversal vulnerability in Includer.Cgi Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. | 5.0 |
2005-05-02 | CVE-2005-0796 | Hola | Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. | 5.0 |
2005-05-02 | CVE-2005-0779 | Platinumftp | Malformed User Name Connection Denial Of Service vulnerability in Platinumftp Platinumftpserver 1.0.18 PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. | 5.0 |
2005-05-02 | CVE-2005-0778 | Photopost | Remote vulnerability in Photopost PHP PRO 5.0Rc3 PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif. | 5.0 |
2005-05-02 | CVE-2005-0776 | Photopost | Remote vulnerability in Photopost PHP PRO 5.0Rc3 adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | 5.0 |
2005-05-02 | CVE-2005-0760 | Imagemagick | Unspecified vulnerability in Imagemagick The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | 5.0 |
2005-05-02 | CVE-2005-0746 | Novell | Remote Path Disclosure vulnerability in Novell Ichain 2.2/2.2.113/2.3 The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. | 5.0 |
2005-05-02 | CVE-2005-0738 | Microsoft | Resource Exhaustion vulnerability in Microsoft Exchange Server 2003 Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. | 5.0 |
2005-05-02 | CVE-2005-0734 | PY Software | Denial-Of-Service vulnerability in PY Software Active Webcam 5.5 PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests. | 5.0 |
2005-05-02 | CVE-2005-0733 | PY Software | Remote Security vulnerability in PY Software Active Webcam 5.5 PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not. | 5.0 |
2005-05-02 | CVE-2005-0732 | PY Software | Remote Security vulnerability in PY Software Active Webcam 5.5 PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to obtain the full path of the web server via a request for a non-existent filename, which leaks the full path in an error message. | 5.0 |
2005-05-02 | CVE-2005-0730 | PY Software | Denial-Of-Service vulnerability in PY Software Active Webcam 5.5 PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt. | 5.0 |
2005-05-02 | CVE-2005-0724 | PHP Arena | Information Disclosure vulnerability in paFileDB paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0677 | Phpoutsourcing | Remote Security vulnerability in PHPoutsourcing Zorum 3.5 index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. | 5.0 |
2005-05-02 | CVE-2005-0659 | Phpbb Group | Information Disclosure vulnerability in phpBB phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0655 | Arif Supriyanto | Information Disclosure vulnerability in Arif Supriyanto Auracms 1.5 auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0654 | Gimp | Unspecified vulnerability in Gimp 2.0.5/2.2.3/2.2.4 gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero. | 5.0 |
2005-05-02 | CVE-2005-0647 | PHP Arena | Remote Security vulnerability in PHP Arena Panews 2.0.4B admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | 5.0 |
2005-05-02 | CVE-2005-0637 | Openbsd | Unspecified vulnerability in Openbsd 3.5/3.6 The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. | 5.0 |
2005-05-02 | CVE-2005-0621 | Enlight Software | Denial-Of-Service vulnerability in Enlight Software Scrapland 1.0 Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets. | 5.0 |
2005-05-02 | CVE-2005-0607 | Devellion | Remote Security vulnerability in Cubecart CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0599 | Cisco | Remote vulnerability in Cisco Application and Content Networking System Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, or 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (CPU consumption) via malformed IP packets. | 5.0 |
2005-05-02 | CVE-2005-0597 | Cisco | Remote vulnerability in Cisco Application and Content Networking System Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted TCP connection." | 5.0 |
2005-05-02 | CVE-2005-0590 | Mozilla | Remote vulnerability in Mozilla Firefox, Mozilla and Thunderbird The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname. | 5.0 |
2005-05-02 | CVE-2005-0589 | Mozilla | Remote vulnerability in Mozilla Suite The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. | 5.0 |
2005-05-02 | CVE-2005-0588 | Mozilla | Remote vulnerability in Mozilla Suite Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system. | 5.0 |
2005-05-02 | CVE-2005-0583 | Broadcom | Unspecified vulnerability in Broadcom License Software 0.1.0.15 Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. | 5.0 |
2005-05-02 | CVE-2005-0574 | Cupidsystems | Remote Directory Traversal vulnerability in Cupidsystems CIS Webserver 3.5.13 Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. | 5.0 |
2005-05-02 | CVE-2005-0573 | ROB Flynn | Denial-Of-Service vulnerability in ROB Flynn Gaim 1.1.3 Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters. | 5.0 |
2005-05-02 | CVE-2005-0571 | Punbb | Remote Security vulnerability in Punbb 1.2.1 admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter. | 5.0 |
2005-05-02 | CVE-2005-0570 | Punbb | Remote Input Validation vulnerability in Punbb 1.2.1 profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL. | 5.0 |
2005-05-02 | CVE-2005-0568 | Raven Software | Remote Denial Of Service vulnerability in Raven Software Soldier Of Fortune 2 Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference. | 5.0 |
2005-05-02 | CVE-2005-0544 | Phpmyadmin | Remote Security vulnerability in PHPmyadmin 2.6.1 phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0540 | Cyclades | Information Disclosure vulnerability in Cyclades Alterpath Manager 1.2.1 Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page. | 5.0 |
2005-05-02 | CVE-2005-0538 | Ginp | Directory Traversal vulnerability in Ginp 0.20/0.21 Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files. | 5.0 |
2005-05-02 | CVE-2005-0536 | Mediawiki | Unspecified vulnerability in Mediawiki Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion. | 5.0 |
2005-05-02 | CVE-2005-0525 | PHP | Unspecified vulnerability in PHP The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. | 5.0 |
2005-05-02 | CVE-2005-0524 | PHP | Unspecified vulnerability in PHP The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. | 5.0 |
2005-05-02 | CVE-2005-0500 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0493 | Seth M Knorr | Security Bypass vulnerability in Biz Mail Form CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter. | 5.0 |
2005-05-02 | CVE-2005-0461 | Leonard Richardson | Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote attackers to "take actions on comments." | 5.0 |
2005-05-02 | CVE-2005-0460 | Mercuryboard | Information Disclosure vulnerability in Mercuryboard 1.0/1.1/1.1.1 index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter. | 5.0 |
2005-05-02 | CVE-2005-0459 | Phpmyadmin | Remote Security vulnerability in phpMyAdmin phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0451 | Sami | Denial-Of-Service vulnerability in Sami Http Server 1.0.5 Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of service via an HTTP request containing two CRLF sequences, which triggers a NULL dereference. | 5.0 |
2005-05-02 | CVE-2005-0450 | Sami | Directory Traversal vulnerability in Sami Http Server 1.0.5 Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. | 5.0 |
2005-05-02 | CVE-2005-0446 | Squid | Remote Denial Of Service vulnerability in Squid Proxy DNS Name Resolver Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure. | 5.0 |
2005-05-02 | CVE-2005-0442 | Devellion | Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4 Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter. | 5.0 |
2005-05-02 | CVE-2005-0438 | Awstats | Information Disclosure vulnerability in Awstats 6.3/6.4 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | 5.0 |
2005-05-02 | CVE-2005-0435 | Awstats | Remote Security vulnerability in Awstats 6.3/6.4 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | 5.0 |
2005-05-02 | CVE-2005-0432 | BEA | Remote Security vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. | 5.0 |
2005-05-02 | CVE-2005-0429 | Jelsoft | Remote Command Execution vulnerability in VBulletin Forumdisplay.PHP Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. | 5.0 |
2005-05-02 | CVE-2005-0428 | Powerdns | Remote Denial of Service vulnerability in Powerdns 2.0Rc1/2.8/2.9.15 The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. | 5.0 |
2005-05-02 | CVE-2005-0427 | Gentoo | Remote Security vulnerability in webmin-1.140.ebuild The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | 5.0 |
2005-05-02 | CVE-2005-0426 | SUN | Local Denial Of Service vulnerability in Sun Solaris UDP Processing Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. | 5.0 |
2005-05-02 | CVE-2005-0425 | IBM | Remote Security vulnerability in Websphere Application Server 5.0/5.1.0/6.0 Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. | 5.0 |
2005-05-02 | CVE-2005-0404 | Kmail KDE | KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. | 5.0 |
2005-05-02 | CVE-2005-0391 | Daniel DE Rauglaudre | Unspecified vulnerability in Daniel DE Rauglaudre Geneweb geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files. | 5.0 |
2005-05-02 | CVE-2005-0382 | Breed | Remote Denial of Service vulnerability in Breed Patch1 Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference. | 5.0 |
2005-05-02 | CVE-2005-0379 | Zeroboard | File Disclosure vulnerability in Zeroboard Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0375 | Sergey Kiselev | Information Disclosure vulnerability in Sergey Kiselev Sgallery 1.01 imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function. | 5.0 |
2005-05-02 | CVE-2005-0371 | Armagetron | Unspecified vulnerability in Armagetron and Armagetron Advanced Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data. | 5.0 |
2005-05-02 | CVE-2005-0370 | Armagetron | Denial-Of-Service vulnerability in Armagetron and Armagetron Advanced Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (network disconnection) via an empty UDP packet, which is not properly distinguished from the "no new packets" state of the associated socket. | 5.0 |
2005-05-02 | CVE-2005-0366 | Gnupg | Inadequate Encryption Strength vulnerability in Gnupg The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | 5.0 |
2005-05-02 | CVE-2005-0345 | PHP Fusion | Unspecified vulnerability in PHP Fusion PHP Fusion 4.0 viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter. | 5.0 |
2005-05-02 | CVE-2005-0344 | Software602 | Directory Traversal vulnerability in Software602 602Lan Suite 2004.0.04.1221 Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0340 | Apple | Remote Integer Overflow vulnerability in Apple Mac OS X AppleFileServer Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet. | 5.0 |
2005-05-02 | CVE-2005-0335 | Emotion | Multiple vulnerability in Emotion Mediapartner web Server 5.0 Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0334 | Linksys | Unspecified vulnerability in Linksys Psus4 Printserver 6032 Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value. | 5.0 |
2005-05-02 | CVE-2005-0333 | Lanchat PRO Revival | Remote Denial Of Service vulnerability in Lanchat PRO Revival Lanchat PRO Revival 1.666C LANChat Pro Revival 1.666c allows remote attackers to cause a denial of service (application crash) via a malformed UDP packet. | 5.0 |
2005-05-02 | CVE-2005-0328 | Netgear Zyxel | Remote Security vulnerability in Rt311 Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address. | 5.0 |
2005-05-02 | CVE-2005-0326 | PHP Arena | Information Disclosure vulnerability in PHP Arena Pafiledb 3.1 pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script. | 5.0 |
2005-05-02 | CVE-2005-0325 | Techland | Remote Denial Of Service vulnerability in Techland Xpand Rally 1.0 Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations. | 5.0 |
2005-05-02 | CVE-2005-0310 | Exponent | Information Disclosure vulnerability in Exponent 0.95 Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined. | 5.0 |
2005-05-02 | CVE-2005-0304 | Divx | Directory Traversal vulnerability in Divx Player 2.6 Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0299 | Gforge | Information Disclosure vulnerability in GForge Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. | 5.0 |
2005-05-02 | CVE-2005-0298 | Oracle | Unspecified vulnerability in Oracle Database Server The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. | 5.0 |
2005-05-02 | CVE-2005-0293 | Minis | Remote Directory Traversal vulnerability in Minis 0.2.1 Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0289 | Apple | Remote Denial of Service vulnerability in Apple AirPort Wireless Distribution System Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. | 5.0 |
2005-05-02 | CVE-2005-0286 | Emotion | Multiple vulnerability in eMotion MediaPartner Enterprise eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . | 5.0 |
2005-05-02 | CVE-2005-0279 | Jowood Productions | Remote vulnerability in Soldner Secret Wars Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet. | 5.0 |
2005-05-02 | CVE-2005-0278 | 3Com | Remote vulnerability in 3Com 3Cdaemon 2.0 The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message. | 5.0 |
2005-05-02 | CVE-2005-0277 | 3Com | Remote vulnerability in 3Com 3Cdaemon 2.0 Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls. | 5.0 |
2005-05-02 | CVE-2005-0276 | 3Com | Remote vulnerability in 3Com 3Cdaemon 2.0 Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. | 5.0 |
2005-05-02 | CVE-2005-0275 | 3Com | Denial-Of-Service vulnerability in 3Com 3Cdaemon 2.0 TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. | 5.0 |
2005-05-02 | CVE-2005-0256 | Washington University | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Washington University Wu-Ftpd 2.6.1/2.6.2 The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. | 5.0 |
2005-05-02 | CVE-2005-0255 | Mozilla | Remote vulnerability in Mozilla Firefox, Mozilla and Thunderbird String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. | 5.0 |
2005-05-02 | CVE-2005-0241 | Squid | Remote vulnerability in Squid Proxy Oversize HTTP Headers The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size. | 5.0 |
2005-05-02 | CVE-2005-0238 | Gnome Mozilla Omnigroup Opera | The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0237 | KDE | Unspecified vulnerability in KDE and Konqueror The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0236 | Omnigroup | Unspecified vulnerability in Omnigroup Omniweb 5 The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0235 | Opera | Unspecified vulnerability in Opera Browser The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0234 | Apple | Unspecified vulnerability in Apple Safari 1.2.5 The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0223 | SUN Compaq | Denial-Of-Service vulnerability in Rte The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. | 5.0 |
2005-05-02 | CVE-2005-0222 | Gallery Project | Denial-Of-Service vulnerability in Gallery Project Gallery 2.0Alpha main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message. | 5.0 |
2005-05-02 | CVE-2005-0220 | Gallery Project | Cross-Site Scripting vulnerability in Gallery Project Gallery 1.4.4Pl2 Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. | 5.0 |
2005-05-02 | CVE-2005-0218 | Clam Anti Virus | Unspecified vulnerability in Clam Anti-Virus Clamav ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL. | 5.0 |
2005-05-02 | CVE-2005-0215 | Mozilla | Denial-Of-Service vulnerability in Mozilla 1.6 Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value. | 5.0 |
2005-05-02 | CVE-2005-0214 | Alexander Palmo | Remote Directory Traversal vulnerability in Alexander Palmo Simple PHP Blog 0.3.7C Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0213 | Webtoolmaster Software | Remote vulnerability in Webtoolmaster Software Winhki 1.4D Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0212 | AMP | Remote Denial Of Service vulnerability in Amp II 3D Game Engine The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet. | 5.0 |
2005-05-02 | CVE-2005-0208 | ROB Flynn | Remote Denial of Service vulnerability in Gaim The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473. | 5.0 |
2005-05-02 | CVE-2005-0202 | GNU | Unspecified vulnerability in GNU Mailman Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | 5.0 |
2005-05-02 | CVE-2005-0196 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. | 5.0 |
2005-05-02 | CVE-2005-0195 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. | 5.0 |
2005-05-02 | CVE-2005-0148 | Mozilla | Unspecified vulnerability in Mozilla Thunderbird 0.6/0.7/0.8 Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. | 5.0 |
2005-05-02 | CVE-2005-0146 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation. | 5.0 |
2005-05-02 | CVE-2005-0133 | Clam Anti Virus | Unspecified vulnerability in Clam Anti-Virus Clamav ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers. | 5.0 |
2005-05-02 | CVE-2005-0127 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. | 5.0 |
2005-05-02 | CVE-2005-0083 | Mysql | Unspecified vulnerability in Mysql Maxdb 7.5.00 MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference. | 5.0 |
2005-05-02 | CVE-2005-0080 | GNU Ubuntu | Remote Security vulnerability in Ubuntu Linux The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | 5.0 |
2005-05-02 | CVE-2005-0071 | VDR | Remote File Access vulnerability in VDR Daemon vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files. | 5.0 |
2005-05-02 | CVE-2005-0033 | ISC | Remote Buffer Overflow vulnerability in ISC Bind 8.4.4/8.4.5 Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. | 5.0 |
2005-05-02 | CVE-2001-1420 | AOL | Denial of Service vulnerability in AOL Instant Messenger 4.7 AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. | 5.0 |
2005-05-02 | CVE-1999-1557 | Ipswitch | Denial-Of-Service vulnerability in Ipswitch Imail 5.0 Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. | 5.0 |
2005-05-02 | CVE-1999-1374 | Arpanet | Unspecified vulnerability in Arpanet Perlshop perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request. | 5.0 |
2005-05-04 | CVE-2005-1330 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception. | 4.9 |
2005-05-02 | CVE-2005-0210 | Linux | Resource Management Errors vulnerability in Linux Kernel 2.6.8.1 Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice. | 4.9 |
2005-05-02 | CVE-2005-1111 | GNU Debian Canonical | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | 4.7 |
2005-05-06 | CVE-2005-1406 | Freebsd | Local Kernel Memory Disclosure vulnerability in FreeBSD The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. | 4.6 |
2005-05-06 | CVE-2005-1400 | Freebsd | Unspecified vulnerability in Freebsd The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | 4.6 |
2005-05-06 | CVE-2005-1399 | Freebsd | Unspecified vulnerability in Freebsd FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | 4.6 |
2005-05-04 | CVE-2005-1338 | Apple | Local Security vulnerability in Apple mac OS X 10.3.9 Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. | 4.6 |
2005-05-04 | CVE-2005-1336 | Apple | Local Security vulnerability in Apple mac OS X 10.3.9 Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable. | 4.6 |
2005-05-04 | CVE-2005-1194 | Redhat | Remote Buffer Overflow vulnerability in Redhat products Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. | 4.6 |
2005-05-03 | CVE-2005-1442 | IBM | Local NOTES.INI Buffer Overflow vulnerability in IBM Lotus Notes Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | 4.6 |
2005-05-03 | CVE-2005-1433 | HP | Denial-Of-Service vulnerability in OpenView Event Correlation Services 3.2/3.3 Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code. | 4.6 |
2005-05-03 | CVE-2005-1418 | Netleaf Limited | Local Information Disclosure vulnerability in Netleaf Limited Notjustbrowsing 1.0.3 NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges. | 4.6 |
2005-05-03 | CVE-2005-1414 | Exoticsoft | Local Information Disclosure vulnerability in FilePocket ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges. | 4.6 |
2005-05-03 | CVE-2005-1411 | Cybration | Password Local Information Disclosure vulnerability in Cybration Icuii 7.0 Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges. | 4.6 |
2005-05-03 | CVE-2005-1407 | Skype Technologies | Local Security vulnerability in Skype Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. | 4.6 |
2005-05-03 | CVE-2005-1393 | Esri | Unspecified vulnerability in Esri Arcinfo Workstation 9.0 Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery. | 4.6 |
2005-05-03 | CVE-2005-1392 | Phpmyadmin | Unspecified vulnerability in PHPmyadmin 2.6.2 The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. | 4.6 |
2005-05-03 | CVE-2005-1379 | Mandrakesoft | Unspecified vulnerability in Mandrakesoft Mandrake Lam-Runtime 7.0.6.2Mdk The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges. | 4.6 |
2005-05-03 | CVE-2005-1372 | Bakbone | Local Privilege Escalation vulnerability in BakBone NetVault NVStatsMngr.EXE nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu. | 4.6 |
2005-05-03 | CVE-2005-0106 | Ubuntu | Unspecified vulnerability in Ubuntu Linux 5.04 SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file. | 4.6 |
2005-05-02 | CVE-2005-1229 | GNU | Directory Traversal vulnerability in CPIO Filename Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. | 4.6 |
2005-05-02 | CVE-2005-1185 | Musicmatch | Local Security vulnerability in Jukebox Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe. | 4.6 |
2005-05-02 | CVE-2005-1124 | SUN | Local Security vulnerability in Solaris Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API. | 4.6 |
2005-05-02 | CVE-2005-1097 | Rebrand | Local Security vulnerability in Rebrand P2P Share SPY 2.2 Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges. | 4.6 |
2005-05-02 | CVE-2005-0993 | SCO | Local Buffer Overflow vulnerability in SCO OpenServer NWPrint Command Line Argument Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. | 4.6 |
2005-05-02 | CVE-2005-0964 | Kerio | Local Network Access Restriction Bypass vulnerability in Kerio Personal Firewall Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. | 4.6 |
2005-05-02 | CVE-2005-0921 | Microsoft | Unspecified vulnerability in Microsoft Outlook Connector 2002 Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. | 4.6 |
2005-05-02 | CVE-2005-0844 | Nortel | Cryptographic Issues vulnerability in Nortel Contivity 5.01 Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | 4.6 |
2005-05-02 | CVE-2005-0823 | Thepoolclub | Local Credential Storage vulnerability in Thepoolclub Ipool and Isnooker ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. | 4.6 |
2005-05-02 | CVE-2005-0811 | Notify Technology | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs. | 4.6 |
2005-05-02 | CVE-2005-0763 | Midnight Commander | Unspecified vulnerability in Midnight Commander Midnight Commander Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. | 4.6 |
2005-05-02 | CVE-2005-0712 | Apple | Unspecified vulnerability in Apple mac OS X 10.1/10.2/10.3.4 Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. | 4.6 |
2005-05-02 | CVE-2005-0710 | Mysql Oracle | Remote vulnerability in MySQL AB MySQL MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. | 4.6 |
2005-05-02 | CVE-2005-0709 | Mysql Oracle | Code Injection vulnerability in multiple products MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | 4.6 |
2005-05-02 | CVE-2005-0666 | THE PAX Team | Privilege Escalation vulnerability in PaX VMA Mirroring Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | 4.6 |
2005-05-02 | CVE-2005-0653 | Phpmyadmin | Local Security vulnerability in PHPmyadmin 2.6.1 phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | 4.6 |
2005-05-02 | CVE-2005-0627 | Trolltech | Local Code Execution vulnerability in Trolltech QT Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. | 4.6 |
2005-05-02 | CVE-2005-0604 | GFI | Local Security vulnerability in GFI Languard Network Security Scanner 5.0 lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. | 4.6 |
2005-05-02 | CVE-2005-0581 | Broadcom | Unspecified vulnerability in Broadcom License Software 0.1.0.15 Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format. | 4.6 |
2005-05-02 | CVE-2005-0542 | Cyclades | Local Security vulnerability in Cyclades Alterpath Manager 1.2.1 saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true. | 4.6 |
2005-05-02 | CVE-2005-0539 | IBM | Local Security vulnerability in IBM Hardware Management Console 4.1/4.2 Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. | 4.6 |
2005-05-02 | CVE-2005-0522 | Lionmax Software | Unspecified vulnerability in Lionmax Software Chat Anywhere 2.72A Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges. | 4.6 |
2005-05-02 | CVE-2005-0311 | Ingate | Unspecified vulnerability in Ingate Firewall Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | 4.6 |
2005-05-02 | CVE-2005-0285 | Bottomline | Unspecified vulnerability in Bottomline Webseries Payment Application 4.0 Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. | 4.6 |
2005-05-02 | CVE-2005-0205 | Bernd Wuebben KDE | KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. | 4.6 |
2005-05-02 | CVE-2005-0121 | Alexander Siegel | Local Security vulnerability in Alexander Siegel Golddig 2.0 Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environment variable. | 4.6 |
2005-05-02 | CVE-2005-0079 | Xtrlock | Local Buffer Overflow vulnerability in Xtrlock 2.0 Buffer overflow in xtrlock 2.0 allows local users to cause a denial of service (application crash) and hijack the desktop session. | 4.6 |
2005-05-02 | CVE-2005-0078 | Debian KDE Redhat | The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | 4.6 |
2005-05-02 | CVE-2005-0073 | Debian | Unspecified vulnerability in Debian Sympa 3.3.3 Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code. | 4.6 |
2005-05-02 | CVE-2005-0022 | University OF Cambridge | Remote Buffer Overflow vulnerability in University of Cambridge Exim 4.41/4.42 Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. | 4.6 |
2005-05-03 | CVE-2005-1388 | Survivor | Cross-Site Scripting vulnerability in Survivor 0.9.5A Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-02 | CVE-2005-1359 | Text CGI | Cross-Site Scripting vulnerability in Text.Cgi Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | 4.3 |
2005-05-02 | CVE-2005-1356 | Includer CGI | Cross-Site Scripting vulnerability in Includer.Cgi Cross-site scripting (XSS) vulnerability in includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument. | 4.3 |
2005-05-02 | CVE-2005-1352 | Leif M Wright | Cross-Site Scripting vulnerability in ad.cgi Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | 4.3 |
2005-05-02 | CVE-2005-1327 | Woltlab | Cross-Site Scripting vulnerability in WoltLab Burning Board Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter. | 4.3 |
2005-05-02 | CVE-2005-1324 | Matthieu Aubry | Cross-Site Scripting vulnerability in Phpmyvisites Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters. | 4.3 |
2005-05-02 | CVE-2005-1322 | Horde | Cross-Site Scripting vulnerability in Horde NAG 1.1.1/1.1.2 Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1321 | Horde | Cross-Site Scripting vulnerability in Vaction Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1320 | Horde | Cross-Site Scripting vulnerability in Mnemo Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1319 | Horde | Cross-Site Scripting vulnerability in IMP Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1318 | Horde | Cross-Site Scripting vulnerability in Horde Forwards 2.1/2.2/2.2.1 Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1316 | Horde | Cross-Site Scripting vulnerability in Horde Accounts 2.1/2.1.1 Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1315 | Horde | Cross-Site Scripting vulnerability in Turba Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1314 | Horde | Cross-Site Scripting vulnerability in Horde Kronolith 1.1.3 Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1313 | Horde | Cross-Site Scripting vulnerability in Passwd Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 4.3 |
2005-05-02 | CVE-2005-1311 | Yappa NG | Cross-Site Scripting vulnerability in Yappa-NG Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-02 | CVE-2005-1309 | Eaden Mckee | Cross-Site Scripting vulnerability in Eaden Mckee Bblog 0.7.4 Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text. | 4.3 |
2005-05-02 | CVE-2005-1292 | Elemental Software | Cross-Site Scripting vulnerability in CartWIZ Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp. | 4.3 |
2005-05-02 | CVE-2005-1290 | Phpbb Group | Cross-Site Scripting vulnerability in phpBB Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. | 4.3 |
2005-05-02 | CVE-2005-1282 | Argosoft | HTML Injection vulnerability in Argosoft Mail Server 1.8.7.6 Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. | 4.3 |
2005-05-02 | CVE-2005-1245 | Mediawiki | HTML Tidy Cross-Site Scripting vulnerability in MediaWiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-02 | CVE-2005-1231 | Jaws | HTML Injection vulnerability in Jaws 0.3/0.4/0.5Beta2 Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. | 4.3 |
2005-05-02 | CVE-2005-1189 | Webcamxp | Cross-Site Scripting vulnerability in Webcamxp Pro Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. | 4.3 |
2005-05-02 | CVE-2005-1188 | Comersus Open Technologies | Cross-Site Scripting vulnerability in Comersus Cart Comersus_Search_Item.ASP Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. | 4.3 |
2005-05-02 | CVE-2005-1183 | Mvnforum | Cross-Site Scripting vulnerability in Mvnforum 1.0Rc4 Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter. | 4.3 |
2005-05-02 | CVE-2005-1172 | Coppermine | HTML Injection vulnerability in Coppermine Photo Gallery X-Forwarded-For Logging Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. | 4.3 |
2005-05-02 | CVE-2005-1171 | Datenbank Module | Remote Mod.PHP Cross-Site Scripting vulnerability in Datenbank Module For PHPBB Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2005-05-02 | CVE-2005-1135 | Alexander Palmo | Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2005-05-02 | CVE-2005-1120 | Ilohamail | Remote HTML Injection vulnerability in IlohaMail Email Message Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type. | 4.3 |
2005-05-02 | CVE-2005-1116 | Phpbb Group | Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | 4.3 |
2005-05-02 | CVE-2005-1115 | Phpbb Group Smartor | Cross-Site Scripting vulnerability in PHPBB Photo Album Module Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | 4.3 |
2005-05-02 | CVE-2005-1113 | Phpbb Group | Cross-Site Scripting vulnerability in PHPbb Group PHPbb Plus 1.3/1.51 Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. | 4.3 |
2005-05-02 | CVE-2005-1104 | Centra | Unspecified vulnerability in Centra 7 Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields. | 4.3 |
2005-05-02 | CVE-2005-1095 | Ocean12 Technologies | Cross-Site Scripting vulnerability in Ocean12 Membership Manager Pro Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2005-05-02 | CVE-2005-1085 | Aewebworks | Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |
2005-05-02 | CVE-2005-1081 | Azerbaijan Development Group | Multiple vulnerability in Azerbaijan Development Group Azdgdating 1.1.0 Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2005-05-02 | CVE-2005-1076 | Webct | HTML Injection vulnerability in Webct Campus4.1 Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field. | 4.3 |
2005-05-02 | CVE-2005-1075 | Radscripts | Multiple vulnerability in Radscripts Radbids 2 Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php. | 4.3 |
2005-05-02 | CVE-2005-1068 | Scssboard | Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags. | 4.3 |
2005-05-02 | CVE-2005-1053 | Moderngigabyte | Unspecified vulnerability in Moderngigabyte Modernbill Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters. | 4.3 |
2005-05-02 | CVE-2005-1030 | Active WEB Softwares | Cross-Site Scripting vulnerability in Active web Softwares Active Auction House 7.1 Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp. | 4.3 |
2005-05-02 | CVE-2005-1027 | Francisco Burzi | Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. | 4.3 |
2005-05-02 | CVE-2005-1023 | Francisco Burzi | Unspecified vulnerability in Francisco Burzi PHP-Nuke Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. | 4.3 |
2005-05-02 | CVE-2005-1016 | Maxwebportal | Input Validation vulnerability in MaxWebPortal Events And Links Interface Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL. | 4.3 |
2005-05-02 | CVE-2005-1012 | Iatek | Cross-Site Scripting vulnerability in SiteEnable Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description. | 4.3 |
2005-05-02 | CVE-2005-1010 | Comersus Open Technologies | HTML Injection vulnerability in Comersus Open Technologies Comersus Cart 6.0.3 Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username. | 4.3 |
2005-05-02 | CVE-2005-1008 | ASP DEV | Unspecified vulnerability in Asp-Dev XM Forum RC3 Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag. | 4.3 |
2005-05-02 | CVE-2005-1006 | Sonicwall | Cross-site Scripting vulnerability in Sonicwall Soho Firmware 5.1.7.0 Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | 4.3 |
2005-05-02 | CVE-2005-1004 | Profitcode | Unspecified vulnerability in Profitcode Payprocart 3.0 Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter. | 4.3 |
2005-05-02 | CVE-2005-1000 | Francisco Burzi | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6 Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. | 4.3 |
2005-05-02 | CVE-2005-0995 | Early Impact | Input Validation vulnerability in Early Impact Productcart 2.7 Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. | 4.3 |
2005-05-02 | CVE-2005-0992 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPMyAdmin Convcharset Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | 4.3 |
2005-05-02 | CVE-2005-0982 | YET Another Forum NET | Unspecified vulnerability in YET Another Forum.Net YET Another Forum.Net 0.9.9 Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field. | 4.3 |
2005-05-02 | CVE-2005-0981 | Alstrasoft | Cross-Site Scripting vulnerability in Alstrasoft Epay 2.0 Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | 4.3 |
2005-05-02 | CVE-2005-0961 | Horde | Unspecified vulnerability in Horde Application Framework 3.0.4Rc1 Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | 4.3 |
2005-05-02 | CVE-2005-0949 | Iatek | Input Validation vulnerability in Iatek PortalApp Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter. | 4.3 |
2005-05-02 | CVE-2005-0945 | ASP Press | Unspecified vulnerability in ASP Press ACS Blog 1.1.1 Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. | 4.3 |
2005-05-02 | CVE-2005-0934 | Wackowiki | Cross-Site Scripting vulnerability in Wackowiki R4 Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-02 | CVE-2005-0930 | Chatness | HTML Injection vulnerability in Chatness 2.5.1 Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php. | 4.3 |
2005-05-02 | CVE-2005-0928 | Photopost | Unspecified vulnerability in Photopost PHP PRO 5.02 Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php. | 4.3 |
2005-05-02 | CVE-2005-0925 | Uapplication | Cross-Site Scripting vulnerability in Uapplication Ublog Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2005-05-02 | CVE-2005-0910 | E Xoops | Cross-Site Scripting vulnerability in E-Xoops Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php. | 4.3 |
2005-05-02 | CVE-2005-0901 | Nukebookmarks | Cross-Site Scripting vulnerability in Nukebookmarks 0.6 Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter. | 4.3 |
2005-05-02 | CVE-2005-0896 | Accomplishtechnology | Cross-Site Scripting vulnerability in Accomplishtechnology PHPmydirectory 10.1.3 Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | 4.3 |
2005-05-02 | CVE-2005-0888 | Michael Dean | Unspecified vulnerability in Michael Dean Double Choco Latte 0.9.4.3 Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name. | 4.3 |
2005-05-02 | CVE-2005-0886 | Invision Power Services | HTML Injection vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request. | 4.3 |
2005-05-02 | CVE-2005-0885 | XMB Forum | Unspecified vulnerability in XMB Forum XMB 1.9.1 Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields. | 4.3 |
2005-05-02 | CVE-2005-0873 | Oracle | Remote Cross-Site Scripting vulnerability in Oracle 10G Reports Server 9.0.4.3.3 Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. | 4.3 |
2005-05-02 | CVE-2005-0872 | Phpbb Group | Unspecified vulnerability in PHPbb Group PHPbb 1.0.1 Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. | 4.3 |
2005-05-02 | CVE-2005-0870 | Phpsysinfo | Cross-Site Scripting vulnerability in PHPsysinfo 2.3 Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. | 4.3 |
2005-05-02 | CVE-2005-0863 | Phpopenchat | HTML Injection vulnerability in PHPopenchat 3.0.0/3.0.1/3.0.2 Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. | 4.3 |
2005-05-02 | CVE-2005-0857 | Coolforum | Cross-Site Scripting And SQL Injection vulnerability in CoolForum Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. | 4.3 |
2005-05-02 | CVE-2005-0846 | Netwin | Cross-Site Scripting vulnerability in Netwin Surgemail 2.2G3 Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. | 4.3 |
2005-05-02 | CVE-2005-0842 | Kayako | Unspecified vulnerability in Kayako Esupport 2.3 Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter. | 4.3 |
2005-05-02 | CVE-2005-0829 | PHP Fusion | Unspecified vulnerability in PHP Fusion PHP Fusion 5.01 Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters. | 4.3 |
2005-05-02 | CVE-2005-0818 | Punbb | Unspecified vulnerability in Punbb 1.2.3 Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. | 4.3 |
2005-05-02 | CVE-2005-0802 | ASP Press | Cross-Site Scripting vulnerability in ACS Blog Search.ASP Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter. | 4.3 |
2005-05-02 | CVE-2005-0785 | Yabb | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2005-05-02 | CVE-2005-0784 | Phorum | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel. | 4.3 |
2005-05-02 | CVE-2005-0783 | Phorum | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. | 4.3 |
2005-05-02 | CVE-2005-0782 | PHP Arena | SQL Injection And Cross-Site Scripting vulnerability in PAFileDB Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. | 4.3 |
2005-05-02 | CVE-2005-0777 | Photopost | Remote vulnerability in Photopost PHP PRO 5.0Rc3 Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile. | 4.3 |
2005-05-02 | CVE-2005-0742 | SUN | Cross-Site Scripting vulnerability in SUN Java System Application Server 7.0 Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-02 | CVE-2005-0682 | Drupal | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. | 4.3 |
2005-05-02 | CVE-2005-0675 | Phpoutsourcing | Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.3/3.4/3.5 Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. | 4.3 |
2005-05-02 | CVE-2005-0673 | Phpbb Group | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13 Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. | 4.3 |
2005-05-02 | CVE-2005-0670 | Coinsoft Technologies | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. | 4.3 |
2005-05-02 | CVE-2005-0662 | Mercuryboard | Cross-Site Scripting vulnerability in Mercuryboard 1.1.2 Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field. | 4.3 |
2005-05-02 | CVE-2005-0660 | Adalis | Cross-Site Scripting vulnerability in Adalis D-Forum 1.11 Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3. | 4.3 |
2005-05-02 | CVE-2005-0656 | Arif Supriyanto | Cross-Site Scripting vulnerability in Arif Supriyanto Auracms 1.5 Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php. | 4.3 |
2005-05-02 | CVE-2005-0650 | Projectbb | Remote Cross-Site Scripting vulnerability in Projectbb 0.4.5.1 Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. | 4.3 |
2005-05-02 | CVE-2005-0649 | Pixel Apes Group | Cross-Site Scripting vulnerability in Safehtml Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." | 4.3 |
2005-05-02 | CVE-2005-0648 | Pixel Apes Group | Cross-Site Scripting vulnerability in Pixel-Apes Group Safehtml 1.3.0 Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol." | 4.3 |
2005-05-02 | CVE-2005-0645 | Cutephp | Cross-Site Scripting vulnerability in cuteNews Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. | 4.3 |
2005-05-02 | CVE-2005-0606 | Devellion | Cross-Site Scripting vulnerability in CubeCart Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. | 4.3 |
2005-05-02 | CVE-2005-0549 | SUN | Unspecified vulnerability in SUN Solaris Answerbook2 1.4/1.4.2/1.4.4 Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function. | 4.3 |
2005-05-02 | CVE-2005-0534 | Mediawiki | Unspecified vulnerability in Mediawiki Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script. | 4.3 |
2005-05-02 | CVE-2005-0526 | Pblang | Cross-Site Scripting vulnerability in Pblang 4.65 Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. | 4.3 |
2005-05-02 | CVE-2005-0458 | Oscommerce | Cross-Site Scripting vulnerability in Oscommerce 2.2Ms2 Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | 4.3 |
2005-05-02 | CVE-2005-0445 | Open Webmail | Cross-Site Scripting vulnerability in Open WebMail Logindomain Parameter Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. | 4.3 |
2005-05-02 | CVE-2005-0443 | Devellion | Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4 index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. | 4.3 |
2005-05-02 | CVE-2005-0407 | Zakon Group | HTML Injection vulnerability in OpenConf Paper Submission Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title. | 4.3 |
2005-05-02 | CVE-2005-0386 | Mailreader COM | Unspecified vulnerability in Mailreader.Com Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages. | 4.3 |
2005-05-02 | CVE-2005-0378 | Horde | Cross-Site Scripting vulnerability in Horde 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | 4.3 |
2005-05-02 | CVE-2005-0374 | Bitshifters | Unspecified vulnerability in Bitshifters Bitboard 2.0/2.5 Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover. | 4.3 |
2005-05-02 | CVE-2005-0341 | Apple | Cross-Site Scripting vulnerability in Apple Safari 1.2.4 Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks. | 4.3 |
2005-05-02 | CVE-2005-0336 | Emotion | Multiple vulnerability in Emotion Mediapartner web Server 5.0 Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. | 4.3 |
2005-05-02 | CVE-2005-0303 | Comersus Open Technologies | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. | 4.3 |
2005-05-02 | CVE-2005-0281 | Jowood Productions | Remote vulnerability in Soldner Secret Wars Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs. | 4.3 |
2005-05-02 | CVE-2005-0270 | Photopost | Cross-Site Scripting vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5/2.5.1 Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php. | 4.3 |
2005-05-02 | CVE-2005-0264 | OWL | Cross-Site Scripting and SQL Injection vulnerability in Owl Intranet Engine Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter. | 4.3 |
2005-05-02 | CVE-2005-0219 | Gallery Project | Cross-Site Scripting vulnerability in Gallery Project Gallery 1.3.4Pl1 Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. | 4.3 |
2005-05-02 | CVE-2005-0216 | Woltlab | Cross-Site Scripting vulnerability in WoltLab Burning Board Lite Form Mail Script Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter. | 4.3 |
2005-05-02 | CVE-2005-0049 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Portal Server and Sharepoint Team Services Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. | 4.3 |
2005-05-02 | CVE-2005-0034 | ISC | Remote Denial Of Service vulnerability in ISC Bind 9.3.0 An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | 4.3 |
81 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-02 | CVE-2005-1039 | GNU | Local Race Condition vulnerability in GNU Coreutils 5.2.1 Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. | 3.7 |
2005-05-02 | CVE-2005-0988 | GNU Freebsd Gentoo Redhat Trustix Turbolinux Ubuntu | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | 3.7 |
2005-05-02 | CVE-2005-0953 | Bzip | Unspecified vulnerability in Bzip Bzip2 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | 3.7 |
2005-05-03 | CVE-2005-1430 | Apple | Local Security vulnerability in Mac OS X Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. | 3.6 |
2005-05-02 | CVE-2005-0894 | Openmosixview | Insecure Temporary File Creation vulnerability in Openmosixview 1.5 OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. | 3.6 |
2005-05-02 | CVE-2005-0576 | SUN | File Corruption vulnerability in SUN Solaris 9.0 Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. | 3.6 |
2005-05-03 | CVE-2005-1385 | Apple | Denial-Of-Service vulnerability in Apple Safari 1.3 Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference. | 2.6 |
2005-05-02 | CVE-2005-1346 | Symantec | Denial-Of-Service vulnerability in Web Security Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. | 2.6 |
2005-05-02 | CVE-2005-1049 | Postnuke Software Foundation | Remote Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. | 2.6 |
2005-05-02 | CVE-2005-0905 | Maxthon | Information Disclosure vulnerability in Maxthon 1.2 Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property. | 2.6 |
2005-05-02 | CVE-2005-0903 | Apple | Buffer Overflow vulnerability in Apple Quicktime Pictureviewer 6.5.1 Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data. | 2.6 |
2005-05-02 | CVE-2005-0664 | Libexif | Unspecified vulnerability in Libexif 0.6.9 Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. | 2.6 |
2005-05-02 | CVE-2005-0591 | Mozilla | Unspecified vulnerability in Mozilla Firefox Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing." | 2.6 |
2005-05-02 | CVE-2005-0586 | Mozilla | Remote vulnerability in Mozilla Suite Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. | 2.6 |
2005-05-02 | CVE-2005-0584 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. | 2.6 |
2005-05-02 | CVE-2005-0492 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat Reader 6.0.3/7.0 Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node. | 2.6 |
2005-05-02 | CVE-2005-0402 | Mozilla | Unspecified vulnerability in Mozilla Firefox Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. | 2.6 |
2005-05-02 | CVE-2005-0348 | Realnetworks | Remote vulnerability in RealNetworks RealArcade Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. | 2.6 |
2005-05-02 | CVE-2005-0331 | Rarlab | Directory Traversal vulnerability in RARLAB WinRAR Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... | 2.6 |
2005-05-02 | CVE-2005-0329 | Zipgenius | Directory Traversal vulnerability in ZipGenius Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. | 2.6 |
2005-05-02 | CVE-2005-0232 | Mozilla | Unspecified vulnerability in Mozilla Firefox 1.0 Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing." | 2.6 |
2005-05-02 | CVE-2005-0144 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | 2.6 |
2005-05-02 | CVE-2005-0141 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. | 2.6 |
2005-05-03 | CVE-2005-1424 | Stumbleinside | Local Information Disclosure vulnerability in Stumbleinside Gotext 1.01 StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information. | 2.1 |
2005-05-03 | CVE-2005-1410 | Postgresql Trustix | The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments. | 2.1 |
2005-05-03 | CVE-2005-1405 | IBM | Local Security vulnerability in Lotus Notes HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. | 2.1 |
2005-05-02 | CVE-2005-1369 | Linux | Unspecified vulnerability in Linux Kernel The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function. | 2.1 |
2005-05-02 | CVE-2005-1167 | Musicmatch | Information Disclosure vulnerability in Jukebox Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information. | 2.1 |
2005-05-02 | CVE-2005-1166 | Dameware Development | Unspecified vulnerability in Dameware Development Dameware NT Utilities and Miniremote Control The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. | 2.1 |
2005-05-02 | CVE-2005-1129 | Egroupware | Information Disclosure vulnerability in EGroupWare EMail Attachment eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. | 2.1 |
2005-05-02 | CVE-2005-1119 | Todd Miller | Unspecified vulnerability in Todd Miller Sudo Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-05-02 | CVE-2005-1098 | Runtime Software | Information Disclosure vulnerability in Runtime Software Getdataback for Ntfs 2.31 GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information. | 2.1 |
2005-05-02 | CVE-2005-1065 | Novell | Unspecified vulnerability in Novell Linux Desktop 9 tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory. | 2.1 |
2005-05-02 | CVE-2005-1059 | Linksys | Remote Authentication Bypass vulnerability in Linksys WET11 Password Update Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. | 2.1 |
2005-05-02 | CVE-2005-1041 | Linux | Local Denial of Service vulnerability in Linux Kernel 2.6.20.1 The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route. | 2.1 |
2005-05-02 | CVE-2005-1038 | Paul Vixie Redhat | crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. | 2.1 |
2005-05-02 | CVE-2005-0991 | IBM | Local Insecure Temporary File Creation vulnerability in IBM AIX RC.BOOT RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. | 2.1 |
2005-05-02 | CVE-2005-0990 | GNU | Local Insecure Temporary File Creation vulnerability in GNU Sharutils 4.2.1 unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. | 2.1 |
2005-05-02 | CVE-2005-0975 | Apple Opendarwin | Local Integer Overflow vulnerability in Darwin Kernel Mach File Parsing Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header. | 2.1 |
2005-05-02 | CVE-2005-0963 | Toshiba | Denial-Of-Service vulnerability in Toshiba Acpi Flash Bios 1.6 An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. | 2.1 |
2005-05-02 | CVE-2005-0923 | Symantec | Local Denial Of Service vulnerability in Symantec products The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share. | 2.1 |
2005-05-02 | CVE-2005-0916 | Linux | Local Denial Of Service vulnerability in Linux Kernel 2.6.11 AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail. | 2.1 |
2005-05-02 | CVE-2005-0904 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows XP Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe. | 2.1 |
2005-05-02 | CVE-2005-0899 | IBM | Unspecified vulnerability in IBM OS 400 5.2 AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search. | 2.1 |
2005-05-02 | CVE-2005-0866 | Cdrtools | Unspecified vulnerability in Cdrtools Cdrecord cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-05-02 | CVE-2005-0852 | Microsoft | Local Denial Of Service vulnerability in Microsoft Windows Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3. | 2.1 |
2005-05-02 | CVE-2005-0822 | Citrix | Information Disclosure vulnerability in Citrix Metaframe Password Manager 2.5 Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy. | 2.1 |
2005-05-02 | CVE-2005-0787 | Wine | Local Insecure File Creation vulnerability in Wine 20050211/20050305/20050310 Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. | 2.1 |
2005-05-02 | CVE-2005-0711 | Mysql Oracle | Remote vulnerability in MySQL AB MySQL MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. | 2.1 |
2005-05-02 | CVE-2005-0652 | HP | Local Security vulnerability in Openvms Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. | 2.1 |
2005-05-02 | CVE-2005-0596 | PHP | Denial Of Service vulnerability in PHP 4.0 PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. | 2.1 |
2005-05-02 | CVE-2005-0578 | Mozilla | Remote vulnerability in Mozilla Suite Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory. | 2.1 |
2005-05-02 | CVE-2005-0550 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | 2.1 |
2005-05-02 | CVE-2005-0465 | SGI | Unspecified vulnerability in SGI Irix gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option. | 2.1 |
2005-05-02 | CVE-2005-0464 | SGI | Unspecified vulnerability in SGI Irix 6.5.22 gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error. | 2.1 |
2005-05-02 | CVE-2005-0400 | Linux | Unspecified vulnerability in Linux Kernel The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block. | 2.1 |
2005-05-02 | CVE-2005-0396 | KDE | Local Denial of Service vulnerability in KDE Dcopserver and Desktop Communication Protocol Daemon Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process." | 2.1 |
2005-05-02 | CVE-2005-0387 | Remstats | Unspecified vulnerability in Remstats remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-05-02 | CVE-2005-0365 | KDE | Unspecified vulnerability in KDE 3.2.X/3.3.X The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | 2.1 |
2005-05-02 | CVE-2005-0346 | Safenet | Information Disclosure vulnerability in Softremote Vpn Client SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process. | 2.1 |
2005-05-02 | CVE-2005-0342 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. | 2.1 |
2005-05-02 | CVE-2005-0330 | People CAN FLY | Remote Buffer Overflow vulnerability in People CAN FLY Painkiller 1.3.1/1.3.5 Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash. | 2.1 |
2005-05-02 | CVE-2005-0321 | Icewarp Merak | Information Disclosure vulnerability in Mail Server MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path. | 2.1 |
2005-05-02 | CVE-2005-0225 | Firehol | Local Temporary File Creation vulnerability in FireHOL Insecure firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack. | 2.1 |
2005-05-02 | CVE-2005-0207 | Conectiva Linux Redhat Suse | Local NFS I/O Denial of Service vulnerability in Linux Kernel Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. | 2.1 |
2005-05-02 | CVE-2005-0204 | Linux | Multiple vulnerability in Linux Kernel Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction. | 2.1 |
2005-05-02 | CVE-2005-0184 | Squirrelmail | Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. | 2.1 |
2005-05-02 | CVE-2005-0142 | Mozilla | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. | 2.1 |
2005-05-02 | CVE-2005-0137 | Linux | Unspecified vulnerability in Linux Kernel 2.6.0 Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry." | 2.1 |
2005-05-02 | CVE-2005-0120 | Helvis | Local Security vulnerability in helvis helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program. | 2.1 |
2005-05-02 | CVE-2005-0119 | Helvis | Local Security vulnerability in Helvis helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program. | 2.1 |
2005-05-02 | CVE-2005-0118 | Helvis | Local Security vulnerability in Helvis helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users. | 2.1 |
2005-05-02 | CVE-2005-0090 | Redhat | Multiple vulnerability in Red Hat Enterprise Linux Kernel A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash). | 2.1 |
2005-05-02 | CVE-2005-0077 | Debian Gentoo Redhat Ubuntu | Insecure Temporary File Creation vulnerability in Libdbi-perl The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. | 2.1 |
2005-05-02 | CVE-2005-0018 | F2C Open Source Project | Local Insecure Temporary File Creation vulnerability in F2C Open Source Project F2C Translator 3.1 The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-05-02 | CVE-2005-0017 | F2C Open Source Project | Local Insecure Temporary File Creation vulnerability in F2C The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-05-02 | CVE-2005-1368 | Linux | Unspecified vulnerability in Linux Kernel The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP. | 1.2 |
2005-05-02 | CVE-2005-1286 | Softwin | Local Security vulnerability in Softwin Bitdefender Antivirus Professionalplus8/Standard8 Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. | 1.2 |
2005-05-02 | CVE-2005-1176 | IBM | Information Disclosure vulnerability in AIX Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information. | 1.2 |
2005-05-02 | CVE-2005-1066 | University OF Washington | Unspecified vulnerability in University of Washington Pine 4.62 Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. | 1.2 |
2005-05-02 | CVE-2005-0448 | Larry Wall | Local Race Condition Privilege Escalation vulnerability in Perl 'rmdir()' Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | 1.2 |