Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0242 | 1 Yahoo | 1 Messenger | 2008-09-05 | 4.6 MEDIUM | N/A |
| The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. | |||||
| CVE-2005-0011 | 1 Kde | 1 Kde | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | |||||
| CVE-2005-0152 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." | |||||
| CVE-2005-0120 | 1 Helvis | 1 Helvis | 2008-09-05 | 2.1 LOW | N/A |
| helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program. | |||||
| CVE-2005-0158 | 1 Bidwatcher | 1 Bidwatcher | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses. | |||||
| CVE-2005-0105 | 1 Typespeed | 1 Typespeed | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges. | |||||
| CVE-2005-0119 | 1 Helvis | 1 Helvis | 2008-09-05 | 2.1 LOW | N/A |
| helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program. | |||||
| CVE-2005-0067 | 1 Tcp | 1 Tcp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2004-2756 | 1 Xoops | 1 Xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | |||||
| CVE-2005-0068 | 1 Tcp | 1 Tcp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2005-0074 | 1 Xpcd | 1 Xpcd | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code. | |||||
| CVE-2005-0117 | 1 Xshisen | 1 Xshisen | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field. | |||||
| CVE-2004-2752 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. | |||||
| CVE-2005-0161 | 1 E-merge | 1 Unace | 2008-09-05 | 2.1 LOW | N/A |
| Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames. | |||||
| CVE-2005-0151 | 1 Adobe | 3 Creative Suite, Photoshop, Premiere | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in the installation of Adobe License Management Service, as used in Adobe Photoshop CS, Adobe Creative Suite 1.0, and Adobe Premiere Pro 1.5, allows attackers to gain administrator privileges. | |||||
| CVE-2005-0017 | 1 F2c Open Source Project | 1 F2c Translator | 2008-09-05 | 2.1 LOW | N/A |
| The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0070 | 1 Synaesthesia | 1 Synaesthesia | 2008-09-05 | 7.2 HIGH | N/A |
| Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files. | |||||
| CVE-2005-0037 | 1 Dnrd | 1 Dnrd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. | |||||
| CVE-2004-2754 | 1 Yabb | 1 Yabb Se | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | |||||
| CVE-2005-0116 | 1 Awstats | 1 Awstats | 2008-09-05 | 7.5 HIGH | N/A |
| AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl. | |||||