Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2515 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required. | |||||
| CVE-2005-2219 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 4.6 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. | |||||
| CVE-2005-2208 | 1 Privashare | 1 Privashare | 2008-09-05 | 5.0 MEDIUM | N/A |
| PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
| CVE-2005-2507 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | |||||
| CVE-2005-2201 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2008-09-05 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests. | |||||
| CVE-2005-2253 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description. | |||||
| CVE-2005-2306 | 1 Macromedia | 2 Coldfusion, Jrun | 2008-09-05 | 3.7 LOW | N/A |
| Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. | |||||
| CVE-2005-2391 | 1 3com | 1 3crwe454g72 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. | |||||
| CVE-2005-2243 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. | |||||
| CVE-2005-2152 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article. | |||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||||
| CVE-2005-2504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.2 HIGH | N/A |
| The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid. | |||||
| CVE-2005-2202 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2313 | 1 Checkpoint | 1 Secureclient Ng | 2008-09-05 | 7.2 HIGH | N/A |
| Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials and gain privileges via unknown attack vectors. | |||||
| CVE-2005-2256 | 1 Phppgadmin | 1 Phppgadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter. | |||||
| CVE-2005-2525 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2008-09-05 | 5.0 MEDIUM | N/A |
| CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt). | |||||
| CVE-2005-2326 | 1 Clever Copy | 1 Clever Copy | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php. | |||||
| CVE-2005-2145 | 1 Prevx | 1 Prevx Pro 2005 | 2008-09-05 | 4.6 MEDIUM | N/A |
| The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message. | |||||
| CVE-2005-2389 | 1 Symantec Veritas | 2 Netbackup Enterprise Server, Netbackup Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. | |||||
| CVE-2005-2358 | 1 Emc | 1 Navisphere Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot). | |||||