Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2594 | 1 Apple | 1 Safari | 2008-09-05 | 5.0 MEDIUM | N/A |
| Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. | |||||
| CVE-2005-2551 | 1 Novell | 1 Edirectory | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. | |||||
| CVE-2005-2547 | 1 Bluez Project | 1 Bluez | 2008-09-05 | 7.5 HIGH | N/A |
| security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. | |||||
| CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2008-09-05 | 7.5 HIGH | N/A |
| ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | |||||
| CVE-2005-2607 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters. | |||||
| CVE-2005-2608 | 1 Safehtml | 1 Safehtml | 2008-09-05 | 4.3 MEDIUM | N/A |
| SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML. | |||||
| CVE-2005-2912 | 1 Linksys | 1 Wrt54g | 2008-09-05 | 5.0 MEDIUM | N/A |
| Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. | |||||
| CVE-2005-2688 | 1 Savewebportal | 1 Savewebportal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields. | |||||
| CVE-2005-2534 | 1 Openvpn | 1 Openvpn | 2008-09-05 | 2.6 LOW | N/A |
| Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | |||||
| CVE-2005-2875 | 1 Py2play | 1 Py2play | 2008-09-05 | 7.5 HIGH | N/A |
| Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes. | |||||
| CVE-2005-2870 | 1 Sun | 1 Solaris | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | |||||
| CVE-2005-2868 | 1 Ziptorrent | 1 Ziptorrent | 2008-09-05 | 2.1 LOW | N/A |
| ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords. | |||||
| CVE-2005-2609 | 1 Vegadns | 1 Vegadns | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter. | |||||
| CVE-2005-2610 | 1 Vegadns | 1 Vegadns | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2005-2689 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php. | |||||
| CVE-2005-2867 | 1 Bluewhalecrm | 1 Bluewhalecrm | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field. | |||||
| CVE-2005-2866 | 1 Mercora | 1 Imradio | 2008-09-05 | 4.6 MEDIUM | N/A |
| Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges. | |||||
| CVE-2005-2861 | 1 N-stalker | 1 N-stealth | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | |||||
| CVE-2005-2690 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | |||||
| CVE-2005-2612 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. | |||||