Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4442 | 1 Openldap | 1 Openldap | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-4446 | 1 Aspbite | 1 Aspbite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. | |||||
| CVE-2005-4415 | 1 Tml | 1 Tml | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. | |||||
| CVE-2005-4275 | 1 Scientific Atlanta | 1 Dpx2100 Cable Modem | 2008-09-05 | 7.8 HIGH | N/A |
| Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD), as demonstrated using hping2. NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4256 | 1 Asp-dev | 1 Xm Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211. | |||||
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
| CVE-2005-4338 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 10.0 HIGH | N/A |
| announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin". | |||||
| CVE-2005-4204 | 1 Logisphere | 1 Logisphere | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS. | |||||
| CVE-2005-4404 | 1 Media2 Cms | 1 Media2 Cms Shop | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
| CVE-2005-4156 | 1 Mambo | 1 Mambo Open Source 4.5 | 2008-09-05 | 9.4 HIGH | N/A |
| Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | |||||
| CVE-2005-4443 | 1 Gauche | 1 Gauche | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-4457 | 1 Mailenable | 1 Mailenable Enterprise | 2008-09-05 | 7.5 HIGH | N/A |
| MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | |||||
| CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
| CVE-2005-4341 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure. | |||||
| CVE-2005-4174 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used. | |||||
| CVE-2005-4002 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 4.0 MEDIUM | N/A |
| WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. | |||||
| CVE-2005-3765 | 1 Exponent | 1 Exponent | 2008-09-05 | 7.5 HIGH | N/A |
| Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2008-09-05 | 7.8 HIGH | N/A |
| Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
| CVE-2005-3766 | 1 Exponent | 1 Exponent | 2008-09-05 | 5.0 MEDIUM | N/A |
| Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files. | |||||
| CVE-2005-3697 | 1 Uresk Links | 1 Uresk Links | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php. | |||||