Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0535 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2011-03-07 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | |||||
| CVE-2005-0536 | 1 Mediawiki | 1 Mediawiki | 2011-03-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion. | |||||
| CVE-2005-0440 | 1 Stefan Ritt | 1 Elog Web Logbook | 2011-03-07 | 7.5 HIGH | N/A |
| ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL. | |||||
| CVE-2005-0684 | 1 Mysql | 1 Maxdb | 2011-03-07 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c. | |||||
| CVE-2005-0771 | 1 Symantec Veritas | 1 Backup Exec | 2011-03-07 | 10.0 HIGH | N/A |
| VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106. | |||||
| CVE-2005-0772 | 1 Symantec Veritas | 1 Backup Exec | 2011-03-07 | 5.0 MEDIUM | N/A |
| VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference. | |||||
| CVE-2005-0773 | 1 Symantec Veritas | 1 Backup Exec | 2011-03-07 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument. | |||||
| CVE-2005-0932 | 1 Coinsoft Technologies | 1 Phpcoin | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order. | |||||
| CVE-2005-0933 | 1 Coinsoft Technologies | 1 Phpcoin | 2011-03-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. | |||||
| CVE-2005-0986 | 1 Ibm | 1 Lotus Domino Server | 2011-03-07 | 5.0 MEDIUM | N/A |
| NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue. | |||||
| CVE-2004-2575 | 1 Phpgroupware | 1 Phpgroupware | 2011-03-07 | 5.0 MEDIUM | N/A |
| phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message. | |||||
| CVE-2005-0111 | 1 Mysql | 1 Maxdb | 2011-03-07 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter. | |||||
| CVE-2005-0081 | 1 Mysql | 1 Maxdb | 2011-03-07 | 5.0 MEDIUM | N/A |
| MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers. | |||||
| CVE-2004-2568 | 1 Recipants | 1 Recipants | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. | |||||
| CVE-2004-2574 | 1 Phpgroupware | 1 Phpgroupware | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction. | |||||
| CVE-2005-0082 | 1 Mysql | 1 Maxdb | 2011-03-07 | 5.0 MEDIUM | N/A |
| The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash. | |||||
| CVE-2005-0134 | 1 Sco | 1 Unixware | 2011-03-07 | 4.6 MEDIUM | N/A |
| The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets. | |||||
| CVE-2005-0035 | 1 Adobe | 1 Acrobat Reader | 2011-03-07 | 5.1 MEDIUM | N/A |
| The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method. | |||||
| CVE-2003-1232 | 1 Gnu | 1 Emacs | 2011-03-07 | 5.1 MEDIUM | N/A |
| Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | |||||
| CVE-2003-0502 | 1 Apple | 1 Darwin Streaming Server | 2011-03-07 | 10.0 HIGH | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421. | |||||