Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0649 | 1 Pixel-apes Group | 1 Safehtml | 2008-09-05 | 4.3 MEDIUM | N/A |
| Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." | |||||
| CVE-2005-0461 | 1 Leonard Richardson | 1 Newsbruiser | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote attackers to "take actions on comments." | |||||
| CVE-2005-0522 | 1 Lionmax Software | 1 Chat Anywhere | 2008-09-05 | 4.6 MEDIUM | N/A |
| Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges. | |||||
| CVE-2005-0350 | 1 F-secure | 4 F-secure Anti-virus, F-secure Internet Security, F-secure Personal Express and 1 more | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive. | |||||
| CVE-2005-0462 | 1 Mercuryboard | 1 Mercuryboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter. | |||||
| CVE-2005-0653 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 4.6 MEDIUM | N/A |
| phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | |||||
| CVE-2005-0451 | 1 Sami | 1 Sami Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of service via an HTTP request containing two CRLF sequences, which triggers a NULL dereference. | |||||
| CVE-2005-0484 | 1 Gproftpd | 1 Gproftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log. | |||||
| CVE-2005-0517 | 1 Peerftp 5 | 1 Peerftp 5 | 2008-09-05 | 2.1 LOW | N/A |
| PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges. | |||||
| CVE-2005-0523 | 1 Prozilla | 1 Prozilla Download Accelerator | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. | |||||
| CVE-2005-0676 | 1 Phpoutsourcing | 1 Zorum | 2008-09-05 | 7.5 HIGH | N/A |
| index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability. | |||||
| CVE-2005-0453 | 1 Lighttpd | 1 Lighttpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension. | |||||
| CVE-2005-0576 | 1 Sun | 1 Solaris | 2008-09-05 | 3.6 LOW | N/A |
| Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. | |||||
| CVE-2005-0418 | 1 Sun | 1 J2se | 2008-09-05 | 7.5 HIGH | N/A |
| Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836. | |||||
| CVE-2005-0620 | 1 Bfriendly.com | 1 Einstein | 2008-09-05 | 2.1 LOW | N/A |
| Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information. | |||||
| CVE-2005-0510 | 1 Fallback-reboot | 1 Fallback-reboot | 2008-09-05 | 2.1 LOW | N/A |
| The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty. | |||||
| CVE-2005-0465 | 1 Sgi | 1 Irix | 2008-09-05 | 2.1 LOW | N/A |
| gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option. | |||||
| CVE-2005-0667 | 5 Altlinux, Gentoo, Redhat and 2 more | 7 Alt Linux, Linux, Enterprise Linux and 4 more | 2008-09-05 | 5.1 MEDIUM | N/A |
| Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. | |||||
| CVE-2005-0393 | 1 Crip | 1 Crip | 2008-09-05 | 7.2 HIGH | N/A |
| The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors. | |||||
| CVE-2005-0610 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file. | |||||