Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by NVD-CWE-Other
Total 27865 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-1309 1 Eaden Mckee 1 Bblog 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text.
CVE-2005-1066 1 University Of Washington 1 Pine 2008-09-05 1.2 LOW N/A
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
CVE-2005-1308 1 Inter7 1 Sqwebmail 2008-09-05 7.5 HIGH N/A
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
CVE-2005-1306 1 Adobe 2 Acrobat, Acrobat Reader 2008-09-05 5.0 MEDIUM N/A
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
CVE-2005-1076 1 Webct 1 Webct 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field.
CVE-2005-1072 1 Punbb 1 Punbb 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML.
CVE-2005-1281 1 Ethereal Group 1 Ethereal 2008-09-05 5.0 MEDIUM N/A
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
CVE-2005-1040 1 Novell 1 Linux Desktop 2008-09-05 7.2 HIGH N/A
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."
CVE-2005-1274 1 Mysql 1 Maxdb 2008-09-05 10.0 HIGH N/A
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
CVE-2005-1231 1 Jaws 1 Jaws 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.
CVE-2005-1039 1 Gnu 1 Coreutils 2008-09-05 3.7 LOW N/A
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
CVE-2005-1037 1 Ibm 1 Aix 2008-09-05 10.0 HIGH N/A
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
CVE-2005-1036 1 Freebsd 1 Freebsd 2008-09-05 7.2 HIGH N/A
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
CVE-2005-1035 1 Pavuk 1 Pavuk 2008-09-05 7.5 HIGH N/A
Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact.
CVE-2005-1235 1 Phpbb Group 1 Phpbb-auction 2008-09-05 5.0 MEDIUM N/A
auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message.
CVE-2005-1236 1 Duware 1 Duportal 2008-09-05 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
CVE-2005-1067 1 Access User Class 1 Access User Class 2008-09-05 7.5 HIGH N/A
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".
CVE-2005-1247 1 Novell 1 Nsure Audit 2008-09-05 5.0 MEDIUM N/A
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
CVE-2005-1246 1 Vladislav Bogdanov 1 Snmppd 2008-09-05 10.0 HIGH N/A
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
CVE-2005-1250 1 Ipswitch 1 Whatsup 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).