Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2765 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2008-09-05 | 2.1 LOW | N/A |
| The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included. | |||||
| CVE-2005-2770 | 1 Wrq | 1 Wrq Reflection For Secure It Windows Server | 2008-09-05 | 7.5 HIGH | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | |||||
| CVE-2005-2851 | 1 Smb4k | 1 Smb4k | 2008-09-05 | 2.1 LOW | N/A |
| smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files. | |||||
| CVE-2005-2850 | 1 Whitsoft Development | 1 Slimftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error. | |||||
| CVE-2005-2771 | 2 F-secure, Wrq | 2 F-secure Ssh Server, Wrq Reflection For Secure It Windows Server | 2008-09-05 | 10.0 HIGH | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied. | |||||
| CVE-2005-2840 | 1 Maxdev | 1 Md-pro | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6) News, (7) Comments, (8) Settings, (9) Stats or (10) subjects modules. | |||||
| CVE-2005-2839 | 1 Maxdev | 1 Md-pro | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. | |||||
| CVE-2005-2807 | 1 Frox | 1 Frox | 2008-09-05 | 7.2 HIGH | N/A |
| frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option. | |||||
| CVE-2005-2808 | 1 Frox | 1 Frox | 2008-09-05 | 7.5 HIGH | N/A |
| frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts. | |||||
| CVE-2005-2837 | 1 Plain Black | 1 Webgui | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm. | |||||
| CVE-2005-2600 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter. | |||||
| CVE-2005-2799 | 1 Linksys | 1 Wrt54g | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. | |||||
| CVE-2005-2836 | 1 Phorum | 1 Phorum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php. | |||||
| CVE-2005-2869 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. | |||||
| CVE-2005-2715 | 1 Symantec Veritas | 2 Netbackup Data And Business Center, Netbackup Enterprise Server Client | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command. | |||||
| CVE-2005-2259 | 1 Usanet Creations | 6 Domain Name Auction, Makebid Auction Deluxe, Makebid Auction Standard and 3 more | 2008-09-05 | 10.0 HIGH | N/A |
| The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter. | |||||
| CVE-2005-2143 | 1 Microsoft | 1 Frontpage | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | |||||
| CVE-2005-2144 | 1 Prevx | 1 Prevx Pro 2005 | 2008-09-05 | 2.1 LOW | N/A |
| Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file. | |||||
| CVE-2005-2145 | 1 Prevx | 1 Prevx Pro 2005 | 2008-09-05 | 4.6 MEDIUM | N/A |
| The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message. | |||||
| CVE-2005-2156 | 1 Phpnews | 1 Phpnews | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter. | |||||