Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3285 | 1 Comersus Open Technologies | 1 Comersus Backoffice Plus | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. | |||||
| CVE-2005-3000 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters. | |||||
| CVE-2005-2999 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php. | |||||
| CVE-2005-2998 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2008-09-05 | 7.5 HIGH | N/A |
| PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files. | |||||
| CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | |||||
| CVE-2005-3174 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. | |||||
| CVE-2005-3104 | 1 Six Apart | 1 Movable Type | 2008-09-05 | 2.6 LOW | N/A |
| mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments. | |||||
| CVE-2005-2944 | 1 Brent Ely | 1 Gnome Workstation Command Center | 2008-09-05 | 4.6 MEDIUM | N/A |
| The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file. | |||||
| CVE-2005-3103 | 1 Six Apart | 1 Movable Type | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries. | |||||
| CVE-2005-3102 | 1 Six Apart | 1 Movable Type | 2008-09-05 | 5.0 MEDIUM | N/A |
| The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root. | |||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | |||||
| CVE-2005-3282 | 1 Splatt | 1 Splatt Forum | 2008-09-05 | 7.5 HIGH | N/A |
| Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2005-2940 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935. | |||||
| CVE-2005-3281 | 1 Nukefixes | 1 Nukefixes | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter. | |||||
| CVE-2005-2939 | 1 Vmware | 1 Workstation | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | |||||
| CVE-2005-2935 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940. | |||||
| CVE-2005-3277 | 1 Hp | 1 Hp-ux | 2008-09-05 | 10.0 HIGH | N/A |
| The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473. | |||||
| CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | |||||
| CVE-2005-3077 | 1 Microsoft | 1 Ie For Macintosh | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI. | |||||
| CVE-2005-3076 | 1 Simplog | 1 Simplog | 2008-09-05 | 7.5 HIGH | N/A |
| Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php. | |||||