Total: 29527 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2005-2147 | 1 Edgewall Software | 1 Trac | 2008-09-05 | 6.4 MEDIUM | N/A | Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts. |
CVE-2005-2320 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 7.5 HIGH | N/A | WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. |
CVE-2005-2175 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 5.0 MEDIUM | N/A | The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. |
CVE-2005-2153 | 1 Osticket | 1 Osticket Sts | 2008-09-05 | 7.5 HIGH | N/A | SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. |
CVE-2005-2282 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors. |
CVE-2005-2285 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 5.0 MEDIUM | N/A | WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration. |
CVE-2005-2286 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 10.0 HIGH | N/A | WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. |
CVE-2005-2169 | 1 Kaf Oseo | 1 Quick And Dirty Phpsource Printer | 2008-09-05 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences. |
CVE-2005-2514 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A | Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. |
CVE-2005-2518 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A | Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. |
CVE-2005-2151 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2008-09-05 | 5.0 MEDIUM | N/A | spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. |
CVE-2005-2237 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A | Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. |
CVE-2005-2248 | 1 Sven-ove Bjerkan | 1 Downloadprotect | 2008-09-05 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder. |
CVE-2005-2305 | 1 Dg | 1 Remote Control Server | 2008-09-05 | 7.5 HIGH | N/A | DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow. |
CVE-2005-2510 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 4.6 MEDIUM | N/A | The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator. |
CVE-2005-2230 | 1 Elmo | 1 Elmo | 2008-09-05 | 2.1 LOW | N/A | Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files. |
CVE-2005-2214 | 1 Debian | 1 Apt-setup | 2008-09-05 | 4.6 MEDIUM | N/A | apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. |
CVE-2005-2271 | 1 Alexander Clauss | 1 Icab | 2008-09-05 | 2.6 LOW | N/A | iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." |
CVE-2005-2259 | 1 Usanet Creations | 6 Domain Name Auction, Makebid Auction Deluxe, Makebid Auction Standard and 3 more | 2008-09-05 | 10.0 HIGH | N/A | The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter. |
CVE-2005-2240 | 1 Xpvm | 1 Xpvm | 2008-09-05 | 2.1 LOW | N/A | xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. |