Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0612 | 1 Cisco | 7 Ipvc-3510-mcu, Ipvc-3520-gw-2b, Ipvc-3520-gw-2b2v and 4 more | 2008-09-05 | 7.5 HIGH | N/A |
| Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration. | |||||
| CVE-2005-0660 | 1 Adalis | 1 D-forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3. | |||||
| CVE-2005-0673 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. | |||||
| CVE-2005-0463 | 1 Inl | 1 Ulog-php | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php. | |||||
| CVE-2005-0580 | 1 Krzysztof Dabrowski | 1 Cmd5checkpw | 2008-09-05 | 2.1 LOW | N/A |
| cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. | |||||
| CVE-2005-0608 | 1 Webmod | 1 Webmod | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent. | |||||
| CVE-2005-0460 | 1 Mercuryboard | 1 Mercuryboard | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter. | |||||
| CVE-2005-0672 | 1 Ca3de | 1 Ca3de | 2008-09-05 | 7.5 HIGH | N/A |
| Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. | |||||
| CVE-2005-0444 | 1 Vmware | 1 Workstation | 2008-09-05 | 4.6 MEDIUM | N/A |
| VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | |||||
| CVE-2005-0544 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0432 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. | |||||
| CVE-2005-0425 | 1 Ibm | 1 Websphere Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. | |||||
| CVE-2005-0515 | 1 Webroot Software | 1 My Firewall Plus | 2008-09-05 | 2.1 LOW | N/A |
| Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files. | |||||
| CVE-2005-0360 | 1 Microsoft | 1 Log Sink Class Activex Control | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files. | |||||
| CVE-2005-0018 | 1 F2c Open Source Project | 1 F2c Translator | 2008-09-05 | 2.1 LOW | N/A |
| The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0242 | 1 Yahoo | 1 Messenger | 2008-09-05 | 4.6 MEDIUM | N/A |
| The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. | |||||
| CVE-2005-0011 | 1 Kde | 1 Kde | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | |||||
| CVE-2005-0152 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." | |||||
| CVE-2005-0120 | 1 Helvis | 1 Helvis | 2008-09-05 | 2.1 LOW | N/A |
| helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program. | |||||
| CVE-2005-0158 | 1 Bidwatcher | 1 Bidwatcher | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses. | |||||