Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4826 | 1 Cisco | 1 Ios | 2018-10-19 | 6.1 MEDIUM | N/A |
| Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. | |||||
| CVE-2006-0009 | 1 Microsoft | 2 Office, Works | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. | |||||
| CVE-2005-4831 | 1 Viewcvs | 1 Viewcvs | 2018-10-19 | 4.3 MEDIUM | N/A |
| viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected. | |||||
| CVE-2005-4830 | 1 Viewcvs | 1 Viewcvs | 2018-10-19 | 7.6 HIGH | N/A |
| CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter. | |||||
| CVE-2005-4727 | 1 Martin Bauer | 1 Gbook | 2018-10-19 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field. | |||||
| CVE-2005-4517 | 1 Php Fusion | 1 Php Fusion | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php. | |||||
| CVE-2005-4554 | 1 Dev | 1 Dev Web Management System | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php. | |||||
| CVE-2005-4555 | 1 Dev | 1 Dev Web Management System | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter. | |||||
| CVE-2005-4556 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php. | |||||
| CVE-2005-4557 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability. | |||||
| CVE-2005-4514 | 1 Webwasher | 1 Csm Appliance Suite | 2018-10-19 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103. | |||||
| CVE-2006-0014 | 1 Microsoft | 1 Outlook Express | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. | |||||
| CVE-2005-4462 | 1 Tolva | 1 Tolva | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter. | |||||
| CVE-2005-4581 | 1 Scott Draves | 1 Electric Sheep | 2018-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | |||||
| CVE-2005-4582 | 1 Scott Draves | 1 Electric Sheep | 2018-10-19 | 7.5 HIGH | N/A |
| Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file. NOTE: the same attack vectors apply to common web browsers that are able to communicate with untrusted web servers, and other problems related to DNS design issues. Therefore this may not be a specific vulnerability. However, a client would reasonably expect to receive content only from the server. | |||||
| CVE-2005-4589 | 1 Spb | 1 Kiosk Engine | 2018-10-19 | 2.1 LOW | N/A |
| Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which allows local users to obtain the passcode. | |||||
| CVE-2005-4590 | 1 Spb | 1 Kiosk Engine | 2018-10-19 | 4.6 MEDIUM | N/A |
| Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file. | |||||
| CVE-2005-4603 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. | |||||
| CVE-2005-4594 | 1 Tugzip | 1 Tugzip | 2018-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive. | |||||
| CVE-2005-4503 | 1 Net-square | 1 Httprint | 2018-10-19 | 5.0 MEDIUM | N/A |
| httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of service (crash) via a long Server field in an HTTP response. | |||||