Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3177 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2008-09-05 | 4.6 MEDIUM | N/A |
| CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. | |||||
| CVE-2005-3238 | 1 Sun | 1 Solaris | 2008-09-05 | 2.1 LOW | N/A |
| Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors. | |||||
| CVE-2005-3251 | 1 Gallery Project | 1 Gallery | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. | |||||
| CVE-2005-3254 | 1 Nathan Neulinger | 1 Cgiwrap | 2008-09-05 | 10.0 HIGH | N/A |
| The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems. | |||||
| CVE-2005-3255 | 1 Nathan Neulinger | 1 Cgiwrap | 2008-09-05 | 5.0 MEDIUM | N/A |
| The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs. | |||||
| CVE-2005-3268 | 1 Raphael Bossek | 1 Yiff Server | 2008-09-05 | 2.1 LOW | N/A |
| yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. | |||||
| CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | |||||
| CVE-2005-3277 | 1 Hp | 1 Hp-ux | 2008-09-05 | 10.0 HIGH | N/A |
| The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473. | |||||
| CVE-2005-3279 | 1 Jan Kybic | 1 Bitmap Viewer | 2008-09-05 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option. | |||||
| CVE-2005-3281 | 1 Nukefixes | 1 Nukefixes | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter. | |||||
| CVE-2005-3282 | 1 Splatt | 1 Splatt Forum | 2008-09-05 | 7.5 HIGH | N/A |
| Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | |||||
| CVE-2005-3285 | 1 Comersus Open Technologies | 1 Comersus Backoffice Plus | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. | |||||
| CVE-2005-3287 | 1 Rockliffe | 1 Mailsite Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory. | |||||
| CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. | |||||
| CVE-2005-3289 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file. | |||||
| CVE-2005-3291 | 1 Stani | 1 Stanis Python Editor | 2008-09-05 | 4.6 MEDIUM | N/A |
| Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. | |||||
| CVE-2005-3292 | 1 Xeobook | 1 Xeobook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>. | |||||
| CVE-2005-2531 | 1 Openvpn | 1 Openvpn | 2008-09-05 | 5.0 MEDIUM | N/A |
| OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. | |||||
| CVE-2005-2532 | 1 Openvpn | 1 Openvpn | 2008-09-05 | 5.0 MEDIUM | N/A |
| OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | |||||