Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4321 | 1 Apani Networks | 1 Epiforce Agent | 2018-10-19 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-4319 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter. | |||||
| CVE-2005-4318 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable. | |||||
| CVE-2005-4317 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-19 | 6.8 MEDIUM | N/A |
| Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php. | |||||
| CVE-2005-4316 | 1 Hp | 1 Hp-ux | 2018-10-19 | 7.8 HIGH | N/A |
| HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. | |||||
| CVE-2005-4160 | 1 Torrential | 1 Torrential | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument. | |||||
| CVE-2005-4175 | 1 Insyde | 1 Insyde Bios | 2018-10-19 | 2.1 LOW | N/A |
| Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory. | |||||
| CVE-2005-4176 | 1 Award | 1 Award Bios Modular | 2018-10-19 | 2.1 LOW | N/A |
| AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory. | |||||
| CVE-2005-4300 | 1 Libremail | 1 Libremail | 2018-10-19 | 7.5 HIGH | N/A |
| Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response. | |||||
| CVE-2005-4441 | 1 Pvlan Protocol | 1 Pvlan Protocol | 2018-10-19 | 5.0 MEDIUM | N/A |
| The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c. | |||||
| CVE-2005-4440 | 1 Vlan Protocol | 1 Vlan Protocol | 2018-10-19 | 5.0 MEDIUM | N/A |
| The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack." | |||||
| CVE-2005-4197 | 1 Nortel | 1 Ssl Vpn | 2018-10-19 | 7.5 HIGH | N/A |
| tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | |||||
| CVE-2005-4288 | 1 Marmaraweb | 1 Marmaraweb E-commerce | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the page parameter to index.php. NOTE: this might be resultant from CVE-2005-4287. | |||||
| CVE-2005-4287 | 1 Marmaraweb | 1 Marmaraweb E-commerce | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php. | |||||
| CVE-2005-4207 | 1 Btgrup | 1 Admin Webcontroller Script | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields. | |||||
| CVE-2005-4438 | 1 Dec2rar.dll | 1 Dec2rar.dll | 2018-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field. | |||||
| CVE-2005-4437 | 1 Extended Interior Gateway Routing Protocol | 1 Extended Interior Gateway Routing Protocol | 2018-10-19 | 7.5 HIGH | N/A |
| MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. | |||||
| CVE-2005-4208 | 1 Flatnuke | 1 Flatnuke | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module. | |||||
| CVE-2005-4277 | 1 Toenda Software Development | 1 Toendacms | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-4274 | 1 Businessobjects | 1 Webintelligence | 2018-10-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input." | |||||