Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2877 | 1 Twiki | 1 Twiki | 2016-10-17 | 7.5 HIGH | N/A |
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. | |||||
CVE-2005-2878 | 1 Gnu | 1 Mailutils | 2016-10-17 | 7.5 HIGH | N/A |
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. | |||||
CVE-2005-2879 | 1 Advansysperu Software | 1 Usb Lock Auto-protect | 2016-10-17 | 2.1 LOW | N/A |
Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection. | |||||
CVE-2005-2889 | 1 Checkpoint | 1 Connectra Ngx | 2016-10-17 | 7.5 HIGH | N/A |
Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions. | |||||
CVE-2005-2897 | 1 Stylemotion | 1 Web News | 2016-10-17 | 5.0 MEDIUM | N/A |
WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php. | |||||
CVE-2005-2899 | 1 Cj Design | 1 Cj Tag Board | 2016-10-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter. | |||||
CVE-2005-2900 | 1 Cj Desing | 1 Cjlinkout | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter. | |||||
CVE-2005-2901 | 1 Cj Desing | 1 Cjweb2mail | 2016-10-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php or (4) emsg parameter to web2mail.php. | |||||
CVE-2005-2904 | 1 Zebedee | 1 Zebedee | 2016-10-17 | 5.0 MEDIUM | N/A |
Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which triggers an assert error in the makeConnection function in zebedee.c. | |||||
CVE-2005-2918 | 1 Gtkdiskfree | 1 Gtkdiskfree | 2016-10-17 | 5.0 MEDIUM | N/A |
The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. | |||||
CVE-2005-2945 | 1 Arc | 1 Arc | 2016-10-17 | 2.1 LOW | N/A |
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). | |||||
CVE-2005-2948 | 1 Killprocess | 1 Killprocess | 2016-10-17 | 2.1 LOW | N/A |
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess. | |||||
CVE-2005-2949 | 1 Mark D. Roth | 1 Pam Per User | 2016-10-17 | 7.5 HIGH | N/A |
pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login. | |||||
CVE-2005-2953 | 1 Miva | 1 Miva Merchant | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter. | |||||
CVE-2005-2955 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2016-10-17 | 4.6 MEDIUM | N/A |
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. | |||||
CVE-2005-2956 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2016-10-17 | 5.0 MEDIUM | N/A |
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files. | |||||
CVE-2005-2957 | 1 Avira | 1 Desktop | 2016-10-17 | 7.5 HIGH | N/A |
Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive. | |||||
CVE-2005-2982 | 1 Compaq | 1 Compaqhttpserver | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
CVE-2005-2983 | 1 Oracle | 1 Reports | 2016-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | |||||
CVE-2005-2766 | 1 Symantec | 1 Norton Antivirus | 2016-10-17 | 2.1 LOW | N/A |
Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. | |||||