Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4734 | 1 Rsa | 1 Authentication Agent For Web | 2008-09-05 | 6.4 MEDIUM | N/A |
| Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method. | |||||
| CVE-2005-4735 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. | |||||
| CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||||
| CVE-2005-4737 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.5 HIGH | N/A |
| IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. | |||||
| CVE-2005-4738 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.5 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. | |||||
| CVE-2005-4740 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 4.0 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." | |||||
| CVE-2005-4741 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 7.5 HIGH | N/A |
| NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. | |||||
| CVE-2005-4742 | 1 Pavel Kankovsky | 1 Echelog | 2008-09-05 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors. | |||||
| CVE-2005-4788 | 1 Suse | 1 Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices." | |||||
| CVE-2005-4805 | 1 Sun | 1 Java System Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors. | |||||
| CVE-2005-4747 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page. | |||||
| CVE-2005-4748 | 1 Vwar | 1 Virtual War | 2008-09-05 | 6.8 MEDIUM | N/A |
| PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem. | |||||
| CVE-2005-4750 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. | |||||
| CVE-2005-4759 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages. | |||||
| CVE-2005-4761 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 1.2 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used. | |||||
| CVE-2005-4762 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 7.2 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges. | |||||
| CVE-2005-4768 | 1 Tux Racer | 1 Tuxbank | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php. | |||||
| CVE-2005-4769 | 1 Belchior Foundry | 1 Vcard Pro | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4770 | 1 Accelerated Enterprise Solutions | 1 Accelerated E Solutions | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4771 | 1 Trust Digital | 1 Trusted Mobility Suite | 2008-09-05 | 4.6 MEDIUM | N/A |
| Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized. | |||||