Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2605 | 1 Omnipilot Software | 1 Lasso Professional Server | 2008-09-05 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags. | |||||
| CVE-2005-2859 | 1 Savant | 1 Savant Webserver | 2008-09-05 | 4.6 MEDIUM | N/A |
| Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges. | |||||
| CVE-2005-2601 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | |||||
| CVE-2005-2770 | 1 Wrq | 1 Wrq Reflection For Secure It Windows Server | 2008-09-05 | 7.5 HIGH | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | |||||
| CVE-2005-2677 | 1 Acnews | 1 Acnews | 2008-09-05 | 5.0 MEDIUM | N/A |
| ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | |||||
| CVE-2005-2656 | 1 Polygen | 1 Polygen | 2008-09-05 | 2.1 LOW | N/A |
| Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. | |||||
| CVE-2005-2686 | 1 Savewebportal | 1 Savewebportal | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | |||||
| CVE-2005-2684 | 1 Virtech | 1 Netquery | 2008-09-05 | 7.5 HIGH | N/A |
| nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query. | |||||
| CVE-2005-2691 | 1 Runcms | 1 Runcms | 2008-09-05 | 7.5 HIGH | N/A |
| includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | |||||
| CVE-2005-2547 | 1 Bluez Project | 1 Bluez | 2008-09-05 | 7.5 HIGH | N/A |
| security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. | |||||
| CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2008-09-05 | 7.5 HIGH | N/A |
| ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | |||||
| CVE-2005-2236 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. | |||||
| CVE-2005-2312 | 1 Realnode | 1 Emilda | 2008-09-05 | 7.5 HIGH | N/A |
| management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter. | |||||
| CVE-2005-2239 | 1 Oftpd | 1 Oftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters. | |||||
| CVE-2005-2234 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2486 | 1 Portailphp | 1 Portailphp | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php with the affiche parameter set to "Forum-read_mess", a different vulnerability than CVE-2005-1701. | |||||
| CVE-2005-2322 | 2 Class-1, Clever Copy | 2 Class-1 Forum, Clever Copy | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php. | |||||
| CVE-2005-2315 | 1 Dnrd | 1 Dnrd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared. | |||||
| CVE-2005-2384 | 1 Alwil | 1 Avast Antivirus | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames. | |||||
| CVE-2005-2216 | 1 Photogal | 1 Photogal Photo Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. | |||||