Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3782 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 2.1 LOW | N/A |
| Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. | |||||
| CVE-2005-3753 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.8 HIGH | N/A |
| Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker. | |||||
| CVE-2005-3728 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 5.0 MEDIUM | N/A |
| Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. | |||||
| CVE-2005-3743 | 1 Simplepoll | 1 Simplepoll | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | |||||
| CVE-2005-3752 | 1 Ldapdiff | 1 Ldapdiff | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction". | |||||
| CVE-2005-3698 | 1 Php Easy Download | 1 Php Easy Download | 2008-09-05 | 7.5 HIGH | N/A |
| PHP Easy Download allows remote attackers to bypass authentication via edit.php. | |||||
| CVE-2005-3741 | 1 Almondsoft | 1 Almond Classifieds | 2008-09-05 | 7.5 HIGH | N/A |
| Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. | |||||
| CVE-2005-3730 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp. | |||||
| CVE-2005-3537 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | |||||
| CVE-2005-3320 | 1 Siteturn | 1 Domain Manager Pro | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script. | |||||
| CVE-2005-3477 | 1 Invision Power Services | 1 Invision Gallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery. | |||||
| CVE-2005-3642 | 1 Ibm | 1 Informix Dynamic Database Server | 2008-09-05 | 7.5 HIGH | N/A |
| IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. | |||||
| CVE-2005-3643 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.5 HIGH | N/A |
| IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. | |||||
| CVE-2005-3474 | 1 Sony | 1 First4internet Xcp Content Management | 2008-09-05 | 4.6 MEDIUM | N/A |
| The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | |||||
| CVE-2005-3332 | 1 Belchior Foundry | 1 Vcard | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter. | |||||
| CVE-2005-3425 | 1 Gnu | 1 Gnump3d | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | |||||
| CVE-2005-3666 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. | |||||
| CVE-2005-3299 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. | |||||
| CVE-2005-3338 | 1 Mantis | 1 Mantis | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users. | |||||
| CVE-2005-3535 | 1 Ketm | 1 Ketm | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors. | |||||