Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3397 | 1 Comersus Open Technologies | 2 Comersus Backoffice Lite, Comersus Backoffice Plus | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2. | |||||
| CVE-2005-3423 | 1 Subdreamer | 1 Subdreamer | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php. | |||||
| CVE-2005-3425 | 1 Gnu | 1 Gnump3d | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | |||||
| CVE-2005-3426 | 1 Cisco | 1 Content Services Switch 11500 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. | |||||
| CVE-2005-3474 | 1 Sony | 1 First4internet Xcp Content Management | 2008-09-05 | 4.6 MEDIUM | N/A |
| The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | |||||
| CVE-2005-3477 | 1 Invision Power Services | 1 Invision Gallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery. | |||||
| CVE-2005-3479 | 1 Ringtail | 1 Casebook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter. | |||||
| CVE-2005-3480 | 1 Ringtail | 1 Casebook | 2008-09-05 | 5.0 MEDIUM | N/A |
| login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | |||||
| CVE-2005-3494 | 1 Ar-blog | 1 Ar-blog | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment. | |||||
| CVE-2005-3495 | 1 Ar-blog | 1 Ar-blog | 2008-09-05 | 7.5 HIGH | N/A |
| Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies. | |||||
| CVE-2005-3535 | 1 Ketm | 1 Ketm | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3536 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | |||||
| CVE-2005-3537 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | |||||
| CVE-2005-3540 | 1 Petris | 1 Petris | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. | |||||
| CVE-2005-3621 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. | |||||
| CVE-2005-3630 | 1 Redhat | 1 Fedora Core | 2008-09-05 | 5.0 MEDIUM | N/A |
| Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives. | |||||
| CVE-2005-3641 | 1 Oracle | 5 Database Server, Database Server Lite, Oracle10g and 2 more | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. | |||||
| CVE-2005-3642 | 1 Ibm | 1 Informix Dynamic Database Server | 2008-09-05 | 7.5 HIGH | N/A |
| IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. | |||||
| CVE-2005-3643 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.5 HIGH | N/A |
| IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. | |||||
| CVE-2005-3666 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. | |||||