Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4272 | 1 Ibm | 1 Aix | 2018-10-19 | 10.0 HIGH | N/A |
| Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal. | |||||
| CVE-2005-4271 | 1 Ibm | 1 Aix | 2018-10-19 | 7.2 HIGH | N/A |
| Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code. | |||||
| CVE-2005-4270 | 1 Watchfire | 1 Appscan Qa | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. | |||||
| CVE-2005-4260 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-19 | 4.3 MEDIUM | N/A |
| Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. | |||||
| CVE-2005-4022 | 1 Gallery Project | 1 Gallery | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
| CVE-2005-4219 | 1 Innovative Cms | 1 Innovative Cms | 2018-10-19 | 5.0 MEDIUM | N/A |
| setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability. | |||||
| CVE-2005-4052 | 1 E107 | 1 E107 | 2018-10-19 | 5.0 MEDIUM | N/A |
| e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site. | |||||
| CVE-2005-3787 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. | |||||
| CVE-2005-3807 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function. | |||||
| CVE-2005-3774 | 1 Cisco | 1 Pix | 2018-10-19 | 5.0 MEDIUM | N/A |
| Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. | |||||
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2018-10-19 | 5.0 MEDIUM | N/A |
| export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | |||||
| CVE-2005-3792 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. | |||||
| CVE-2005-3983 | 1 Hp | 1 Systems Insight Manager | 2018-10-19 | 7.8 HIGH | N/A |
| Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability. | |||||
| CVE-2005-3960 | 1 Kadu | 1 Kadu | 2018-10-19 | 7.8 HIGH | N/A |
| Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. | |||||
| CVE-2005-3982 | 1 Webcalendar | 1 Webcalendar | 2018-10-19 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. | |||||
| CVE-2005-3805 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers. | |||||
| CVE-2005-3959 | 1 Freewebstat | 1 Freewebstat | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php. | |||||
| CVE-2005-3949 | 1 Webcalendar | 1 Webcalendar | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | |||||
| CVE-2005-3822 | 1 Vtiger | 1 Vtiger Crm | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. | |||||
| CVE-2005-3980 | 1 Edgewall Software | 1 Trac | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. | |||||