Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4130 | 1 Realnetworks | 1 Realplayer | 2008-09-05 | 7.5 HIGH | N/A |
| ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED. | |||||
| CVE-2005-4155 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2008-09-05 | 7.5 HIGH | N/A |
| registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor. | |||||
| CVE-2005-4156 | 1 Mambo | 1 Mambo Open Source 4.5 | 2008-09-05 | 9.4 HIGH | N/A |
| Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | |||||
| CVE-2005-4167 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php. | |||||
| CVE-2005-4168 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username. | |||||
| CVE-2005-4171 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file. | |||||
| CVE-2005-4172 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. | |||||
| CVE-2005-4173 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | |||||
| CVE-2005-4174 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used. | |||||
| CVE-2005-4204 | 1 Logisphere | 1 Logisphere | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS. | |||||
| CVE-2005-4256 | 1 Asp-dev | 1 Xm Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211. | |||||
| CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
| CVE-2005-4266 | 1 Alt-n | 2 Mdaemon, Worldclient | 2008-09-05 | 7.5 HIGH | N/A |
| WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value. | |||||
| CVE-2005-4269 | 1 Microsoft | 3 Ie, Windows 2003 Server, Windows Xp | 2008-09-05 | 7.8 HIGH | N/A |
| mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. | |||||
| CVE-2005-4275 | 1 Scientific Atlanta | 1 Dpx2100 Cable Modem | 2008-09-05 | 7.8 HIGH | N/A |
| Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD), as demonstrated using hping2. NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4276 | 1 Westell | 1 Versalink | 2008-09-05 | 7.8 HIGH | N/A |
| Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4296 | 1 Appserv Open Project | 1 Appserv | 2008-09-05 | 7.8 HIGH | N/A |
| AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request. | |||||
| CVE-2005-4334 | 1 John Andersson | 1 Zixforum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | |||||
| CVE-2005-4337 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 7.5 HIGH | N/A |
| The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. | |||||
| CVE-2005-4338 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 10.0 HIGH | N/A |
| announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin". | |||||