Total: 27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1309 | 1 Eaden Mckee | 1 Bblog | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text. | |||||
CVE-2005-1066 | 1 University Of Washington | 1 Pine | 2008-09-05 | 1.2 LOW | N/A |
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2005-1308 | 1 Inter7 | 1 Sqwebmail | 2008-09-05 | 7.5 HIGH | N/A |
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. | |||||
CVE-2005-1306 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2008-09-05 | 5.0 MEDIUM | N/A |
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability." | |||||
CVE-2005-1076 | 1 Webct | 1 Webct | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field. | |||||
CVE-2005-1072 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2005-1281 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 5.0 MEDIUM | N/A |
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | |||||
CVE-2005-1040 | 1 Novell | 1 Linux Desktop | 2008-09-05 | 7.2 HIGH | N/A |
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." | |||||
CVE-2005-1274 | 1 Mysql | 1 Maxdb | 2008-09-05 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. | |||||
CVE-2005-1231 | 1 Jaws | 1 Jaws | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. | |||||
CVE-2005-1039 | 1 Gnu | 1 Coreutils | 2008-09-05 | 3.7 LOW | N/A |
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. | |||||
CVE-2005-1037 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. | |||||
CVE-2005-1036 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | |||||
CVE-2005-1035 | 1 Pavuk | 1 Pavuk | 2008-09-05 | 7.5 HIGH | N/A |
Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact. | |||||
CVE-2005-1235 | 1 Phpbb Group | 1 Phpbb-auction | 2008-09-05 | 5.0 MEDIUM | N/A |
auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | |||||
CVE-2005-1236 | 1 Duware | 1 Duportal | 2008-09-05 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224. | |||||
CVE-2005-1067 | 1 Access User Class | 1 Access User Class | 2008-09-05 | 7.5 HIGH | N/A |
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new". | |||||
CVE-2005-1247 | 1 Novell | 1 Nsure Audit | 2008-09-05 | 5.0 MEDIUM | N/A |
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability. | |||||
CVE-2005-1246 | 1 Vladislav Bogdanov | 1 Snmppd | 2008-09-05 | 10.0 HIGH | N/A |
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call. | |||||
CVE-2005-1250 | 1 Ipswitch | 1 Whatsup | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter). | |||||