Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2658 | 1 Softwolves Software | 1 Turquoise Superstat | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. | |||||
| CVE-2005-2660 | 1 Apachetop | 1 Apachetop | 2008-09-05 | 2.1 LOW | N/A |
| apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug. | |||||
| CVE-2005-2673 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. | |||||
| CVE-2005-2676 | 1 Coppermine | 1 Coppermine Photo Gallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. | |||||
| CVE-2005-2677 | 1 Acnews | 1 Acnews | 2008-09-05 | 5.0 MEDIUM | N/A |
| ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | |||||
| CVE-2005-2853 | 1 Guppy | 1 Guppy | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php. | |||||
| CVE-2005-2852 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm. | |||||
| CVE-2005-2679 | 1 Sysinternals | 1 Process Explorer | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process. | |||||
| CVE-2005-2684 | 1 Virtech | 1 Netquery | 2008-09-05 | 7.5 HIGH | N/A |
| nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query. | |||||
| CVE-2005-2685 | 1 Savewebportal | 1 Savewebportal | 2008-09-05 | 7.5 HIGH | N/A |
| SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability stems from PhpMyExplorer, which is a separate package. | |||||
| CVE-2005-2686 | 1 Savewebportal | 1 Savewebportal | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | |||||
| CVE-2005-2691 | 1 Runcms | 1 Runcms | 2008-09-05 | 7.5 HIGH | N/A |
| includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | |||||
| CVE-2005-2692 | 1 Runcms | 1 Runcms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. | |||||
| CVE-2005-2742 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 4.6 MEDIUM | N/A |
| SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting. | |||||
| CVE-2005-2743 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2008-09-05 | 7.5 HIGH | N/A |
| The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-2745 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. | |||||
| CVE-2005-2746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages. | |||||
| CVE-2005-2748 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 2.1 LOW | N/A |
| The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. | |||||
| CVE-2005-2761 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. | |||||
| CVE-2005-2762 | 1 Avaya | 1 Vpnremote | 2008-09-05 | 2.1 LOW | N/A |
| Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. | |||||