ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2005-2000 | Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute... | E S | |
CVE-2005-2001 | Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attacker... | E S | |
CVE-2005-2002 | SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to e... | S | |
CVE-2005-2003 | Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an i... | S | |
CVE-2005-2004 | Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier all... | E S | |
CVE-2005-2005 | Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document roo... | S | |
CVE-2005-2006 | JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GE... | | |
CVE-2005-2007 | Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read... | S | |
CVE-2005-2008 | Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts v... | S | |
CVE-2005-2009 | Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbit... | E | |
CVE-2005-2010 | Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attack... | E | |
CVE-2005-2011 | Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to in... | E | |
CVE-2005-2012 | Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execut... | E | |
CVE-2005-2013 | paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to adm... | E | |
CVE-2005-2014 | The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators ... | | |
CVE-2005-2017 | Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for virus... | | |
CVE-2005-2019 | ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems w... | | |
CVE-2005-2020 | Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote ... | S | |
CVE-2005-2021 | Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject... | E | |
CVE-2005-2022 | Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Serve... | S | |
CVE-2005-2023 | The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly hand... | S | |
CVE-2005-2024 | Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service v... | S | |
CVE-2005-2025 | Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by ... | E S | |
CVE-2005-2026 | Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password... | S | |
CVE-2005-2027 | Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain de... | S | |
CVE-2005-2028 | SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers ... | E | |
CVE-2005-2029 | amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and ... | S | |
CVE-2005-2030 | Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which ... | E | |
CVE-2005-2031 | Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL ... | E | |
CVE-2005-2032 | Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrar... | S | |
CVE-2005-2033 | Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows... | | |
CVE-2005-2034 | Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote... | | |
CVE-2005-2035 | SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attacker... | E | |
CVE-2005-2036 | modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrat... | E | |
CVE-2005-2037 | Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbit... | | |
CVE-2005-2038 | Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, vi... | | |
CVE-2005-2039 | Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers... | S | |
CVE-2005-2040 | Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may al... | S | |
CVE-2005-2041 | Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attacke... | E | |
CVE-2005-2042 | Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject ... | S | |
CVE-2005-2043 | Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary... | S | |
CVE-2005-2044 | Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attack... | E S | |
CVE-2005-2045 | Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execut... | E | |
CVE-2005-2046 | Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to ... | E | |
CVE-2005-2047 | Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute ... | E | |
CVE-2005-2048 | Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow rem... | E | |
CVE-2005-2049 | Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute a... | E | |
CVE-2005-2050 | Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and po... | S | |
CVE-2005-2051 | Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 ... | S | |
CVE-2005-2052 | Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), Real... | S | |
CVE-2005-2053 | Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive inform... | E | |
CVE-2005-2054 | Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allo... | S | |
CVE-2005-2055 | RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote... | S | |
CVE-2005-2056 | The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to... | S | |
CVE-2005-2057 | Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow r... | E S | |
CVE-2005-2058 | Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attacke... | E S | |
CVE-2005-2059 | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.p... | E S | |
CVE-2005-2060 | Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) ... | S | |
CVE-2005-2061 | Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the lan... | S | |
CVE-2005-2062 | Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arb... | E | |
CVE-2005-2063 | Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers t... | | |
CVE-2005-2064 | Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbi... | | |
CVE-2005-2065 | HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attacker... | | |
CVE-2005-2066 | SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute ... | | |
CVE-2005-2067 | SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to... | | |
CVE-2005-2068 | FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options v... | | |
CVE-2005-2069 | pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS... | S | |
CVE-2005-2070 | The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts... | | |
CVE-2005-2071 | traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_N... | E | |
CVE-2005-2072 | The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setui... | E | |
CVE-2005-2073 | Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with... | S | |
CVE-2005-2074 | Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arb... | S | |
CVE-2005-2075 | PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document r... | E S | |
CVE-2005-2076 | HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" chara... | S | |
CVE-2005-2077 | Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers... | E | |
CVE-2005-2078 | BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid c... | E | |
CVE-2005-2079 | Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 fo... | S | |
CVE-2005-2080 | Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through ... | S | |
CVE-2005-2081 | Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write ... | | |
CVE-2005-2082 | im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via s... | | |
CVE-2005-2083 | Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows rem... | S | |
CVE-2005-2084 | Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote atta... | | |
CVE-2005-2085 | Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cau... | | |
CVE-2005-2086 | PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote a... | S | |
CVE-2005-2087 | Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 ... | | |
CVE-2005-2088 | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows ... | E | |
CVE-2005-2089 | Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application fi... | | |
CVE-2005-2090 | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison ... | E | |
CVE-2005-2091 | IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web appl... | E | |
CVE-2005-2092 | BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application... | E | |
CVE-2005-2093 | Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, byp... | E | |
CVE-2005-2094 | Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web applicatio... | | |
CVE-2005-2095 | options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_... | S | |
CVE-2005-2096 | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a craft... | S | |
CVE-2005-2097 | xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to ca... | | |
CVE-2005-2098 | The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path... | S | |
CVE-2005-2099 | The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated proper... | S | |
CVE-2005-2100 | The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise L... | S | |
CVE-2005-2101 | langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, wh... | S | |
CVE-2005-2102 | The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (applic... | | |
CVE-2005-2103 | Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a de... | | |
CVE-2005-2104 | sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a ... | S | |
CVE-2005-2105 | Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Ac... | S | |
CVE-2005-2106 | Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to exe... | S | |
CVE-2005-2107 | Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier all... | E S | |
CVE-2005-2108 | SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attacker... | E S | |
CVE-2005-2109 | wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the f... | S | |
CVE-2005-2110 | WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a dire... | S | |
CVE-2005-2111 | login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via... | E | |
CVE-2005-2112 | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attacke... | E S | |
CVE-2005-2113 | SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earli... | S | |
CVE-2005-2114 | Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other pro... | E | |
CVE-2005-2115 | Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server cr... | | |
CVE-2005-2116 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1921. Reason: This candida... | R | |
CVE-2005-2117 | Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not... | | |
CVE-2005-2118 | Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-ass... | | |
CVE-2005-2119 | The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (... | | |
CVE-2005-2120 | Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2... | E S | |
CVE-2005-2122 | Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attacker... | | |
CVE-2005-2123 | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 ... | S | |
CVE-2005-2124 | Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 a... | S | |
CVE-2005-2126 | The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, w... | S | |
CVE-2005-2127 | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (a... | E S | |
CVE-2005-2128 | QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbit... | | |
CVE-2005-2132 | RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers ... | S | |
CVE-2005-2133 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: This candida... | R | |
CVE-2005-2134 | The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial ... | | |
CVE-2005-2135 | SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allo... | | |
CVE-2005-2136 | Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readab... | E S | |
CVE-2005-2137 | Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories ... | | |
CVE-2005-2138 | Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote ... | E | |
CVE-2005-2139 | PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attacke... | E | |
CVE-2005-2140 | Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arb... | E | |
CVE-2005-2141 | TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the c... | | |
CVE-2005-2142 | Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to... | | |
CVE-2005-2143 | Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag i... | E | |
CVE-2005-2144 | Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfF... | | |
CVE-2005-2145 | The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows... | | |
CVE-2005-2146 | SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permiss... | S | |
CVE-2005-2147 | Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in t... | S | |
CVE-2005-2148 | Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks,... | S | |
CVE-2005-2149 | config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, th... | S | |
CVE-2005-2150 | Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sess... | | |
CVE-2005-2151 | spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Fra... | | |
CVE-2005-2152 | SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQ... | S | |
CVE-2005-2153 | SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote att... | E | |
CVE-2005-2154 | PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and e... | E | |
CVE-2005-2155 | PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers... | | |
CVE-2005-2156 | SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrar... | S | |
CVE-2005-2157 | PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers t... | E | |
CVE-2005-2158 | A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbit... | S | |
CVE-2005-2159 | mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of servic... | E | |
CVE-2005-2160 | IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obta... | | |
CVE-2005-2161 | Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary... | | |
CVE-2005-2162 | PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attacker... | | |
CVE-2005-2163 | Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote at... | E S | |
CVE-2005-2164 | SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL... | S | |
CVE-2005-2165 | read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacha... | E | |
CVE-2005-2166 | SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attacke... | E | |
CVE-2005-2167 | Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows r... | | |
CVE-2005-2168 | delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete n... | | |
CVE-2005-2169 | Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier a... | E | |
CVE-2005-2170 | The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to caus... | S | |
CVE-2005-2173 | The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do n... | S | |
CVE-2005-2174 | Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database... | S | |
CVE-2005-2175 | The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompti... | | |
CVE-2005-2176 | Novell NetMail automatically processes HTML in an attachment without prompting the user to save or o... | E | |
CVE-2005-2177 | Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream socke... | S | |
CVE-2005-2178 | probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the oldd... | E | |
CVE-2005-2179 | PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote att... | | |
CVE-2005-2180 | gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not proper... | | |
CVE-2005-2181 | Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag value... | | |
CVE-2005-2182 | Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch... | | |
CVE-2005-2183 | class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents... | | |
CVE-2005-2184 | eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to ex... | | |
CVE-2005-2185 | eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and c... | | |
CVE-2005-2186 | Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System... | | |
CVE-2005-2187 | McAfee IntruShield Security Management System allows remote authenticated users to access the "Gener... | | |
CVE-2005-2188 | McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote ... | | |
CVE-2005-2189 | Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web docum... | | |
CVE-2005-2190 | Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute a... | | |
CVE-2005-2191 | Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers... | | |
CVE-2005-2192 | SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, ... | | |
CVE-2005-2193 | SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earli... | S | |
CVE-2005-2194 | Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to caus... | | |
CVE-2005-2195 | Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (... | S | |
CVE-2005-2196 | The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, whic... | | |
CVE-2005-2197 | SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL q... | E | |
CVE-2005-2198 | PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to ... | E | |
CVE-2005-2199 | PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allo... | E | |
CVE-2005-2200 | Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, ... | E S | |
CVE-2005-2201 | Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3... | S | |
CVE-2005-2202 | Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Colo... | S | |
CVE-2005-2203 | login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct... | S | |
CVE-2005-2204 | Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the... | E | |
CVE-2005-2205 | The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands ... | E | |
CVE-2005-2206 | Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements vi... | E | |
CVE-2005-2207 | Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to in... | E | |
CVE-2005-2208 | PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message... | E | |
CVE-2005-2209 | Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in c... | E | |
CVE-2005-2210 | Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arb... | E | |
CVE-2005-2211 | Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauth... | S | |
CVE-2005-2212 | Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, wh... | S | |
CVE-2005-2213 | Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow re... | | |
CVE-2005-2214 | apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows loc... | | |
CVE-2005-2215 | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5be... | S | |
CVE-2005-2216 | PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows... | E | |
CVE-2005-2217 | Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, w... | E | |
CVE-2005-2218 | The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type wh... | | |
CVE-2005-2219 | Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions,... | E | |
CVE-2005-2220 | Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCar... | E | |
CVE-2005-2221 | Multiple SQL injection vulnerabilities in Dragonfly Commerce allow remote attackers to modify SQL s... | | |
CVE-2005-2222 | Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impa... | S | |
CVE-2005-2223 | Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before ... | S | |
CVE-2005-2224 | aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service... | E | |
CVE-2005-2225 | Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message... | E | |
CVE-2005-2226 | Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watch... | S | |
CVE-2005-2227 | Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allo... | E | |
CVE-2005-2228 | Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.... | | |
CVE-2005-2229 | Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or ... | E | |
CVE-2005-2230 | Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely... | | |
CVE-2005-2231 | High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via ... | | |
CVE-2005-2232 | Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitr... | E S | |
CVE-2005-2233 | Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to exec... | S | |
CVE-2005-2234 | Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to exe... | S | |
CVE-2005-2235 | Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users t... | S | |
CVE-2005-2236 | Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, migh... | E | |
CVE-2005-2237 | Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might... | | |
CVE-2005-2238 | ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (por... | S | |
CVE-2005-2239 | oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large num... | E | |
CVE-2005-2240 | xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the x... | | |
CVE-2005-2241 | Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 befo... | S | |
CVE-2005-2242 | Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 befo... | S | |
CVE-2005-2243 | Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 befor... | S | |
CVE-2005-2244 | The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 b... | S | |
CVE-2005-2245 | Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication... | S | |
CVE-2005-2246 | Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to exec... | E | |
CVE-2005-2247 | Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.... | S | |
CVE-2005-2248 | Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read fi... | S | |
CVE-2005-2249 | Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly i... | S | |
CVE-2005-2250 | Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attacke... | S | |
CVE-2005-2251 | PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier... | E | |
CVE-2005-2252 | PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user ... | | |
CVE-2005-2253 | SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the c... | E | |
CVE-2005-2254 | Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inje... | E | |
CVE-2005-2255 | Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files,... | E | |
CVE-2005-2256 | Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to acce... | E | |
CVE-2005-2257 | The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and ... | E S | |
CVE-2005-2258 | PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote at... | E | |
CVE-2005-2259 | The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1... | | |
CVE-2005-2260 | The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2... | S | |
CVE-2005-2261 | Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0... | E S | |
CVE-2005-2262 | Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tr... | | |
CVE-2005-2263 | The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote att... | E S | |
CVE-2005-2264 | Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious l... | E S | |
CVE-2005-2265 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to ca... | E S | |
CVE-2005-2266 | Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other metho... | S | |
CVE-2005-2267 | Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary cod... | | |
CVE-2005-2268 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box wit... | E S | |
CVE-2005-2269 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associat... | E S | |
CVE-2005-2270 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows rem... | E S | |
CVE-2005-2271 | iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, w... | E S | |
CVE-2005-2272 | Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that g... | E | |
CVE-2005-2273 | Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page tha... | | |
CVE-2005-2274 | Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page... | E | |
CVE-2005-2276 | Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allo... | E S | |
CVE-2005-2277 | Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbit... | | |
CVE-2005-2278 | Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote... | E S | |
CVE-2005-2279 | Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote... | S | |
CVE-2005-2280 | Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) v... | S | |
CVE-2005-2281 | WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers... | S | |
CVE-2005-2282 | Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to... | S | |
CVE-2005-2283 | WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote aut... | S | |
CVE-2005-2284 | Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL s... | S | |
CVE-2005-2285 | WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configura... | S | |
CVE-2005-2286 | WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gai... | S | |
CVE-2005-2287 | SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application ... | | |
CVE-2005-2288 | Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitra... | | |
CVE-2005-2289 | PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to preli... | | |
CVE-2005-2290 | wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands vi... | | |
CVE-2005-2291 | Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when startin... | S | |
CVE-2005-2292 | Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2)... | S | |
CVE-2005-2293 | Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not ... | E S | |
CVE-2005-2294 | Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle... | S | |
CVE-2005-2295 | NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a... | E S | |
CVE-2005-2296 | YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_ex... | | |
CVE-2005-2297 | Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote auth... | S | |
CVE-2005-2298 | BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote att... | | |
CVE-2005-2299 | Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow... | E | |
CVE-2005-2300 | Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on t... | E | |
CVE-2005-2301 | PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, wh... | | |
CVE-2005-2302 | PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not prop... | | |
CVE-2005-2303 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1218. Reason: This candida... | R | |
CVE-2005-2304 | Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of s... | E | |
CVE-2005-2305 | DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU co... | E | |
CVE-2005-2306 | Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun... | S | |
CVE-2005-2307 | netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of ... | E | |
CVE-2005-2308 | The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service... | E | |
CVE-2005-2309 | Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG... | E | |
CVE-2005-2310 | Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote atta... | E | |
CVE-2005-2311 | SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (... | | |
CVE-2005-2312 | management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as ot... | S | |
CVE-2005-2313 | Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials a... | | |
CVE-2005-2314 | inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's user... | E S | |
CVE-2005-2315 | Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute ... | E S | |
CVE-2005-2316 | Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (... | S | |
CVE-2005-2317 | Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is great... | S | |
CVE-2005-2318 | Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to ... | E | |
CVE-2005-2319 | PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possi... | S | |
CVE-2005-2320 | WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remot... | S | |
CVE-2005-2321 | PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrar... | S | |
CVE-2005-2322 | Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with fo... | E | |
CVE-2005-2323 | Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with foru... | E | |
CVE-2005-2324 | Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inje... | E | |
CVE-2005-2325 | Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direc... | E | |
CVE-2005-2326 | Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inje... | E | |
CVE-2005-2327 | Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject... | E | |
CVE-2005-2328 | PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attack... | E S | |
CVE-2005-2329 | MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authen... | E | |
CVE-2005-2330 | Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to ... | E | |
CVE-2005-2331 | PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to ex... | E | |
CVE-2005-2332 | Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allows remote attackers to inject ... | E | |
CVE-2005-2333 | Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attacke... | E | |
CVE-2005-2334 | Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no vari... | | |
CVE-2005-2335 | Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a... | S | |
CVE-2005-2336 | Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject ar... | S | |
CVE-2005-2337 | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers t... | S | |
CVE-2005-2338 | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 a... | S | |
CVE-2005-2339 | Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1... | | |
CVE-2005-2340 | Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitr... | E S | |
CVE-2005-2341 | Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote a... | S | |
CVE-2005-2342 | Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (com... | | |
CVE-2005-2343 | Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows... | | |
CVE-2005-2344 | The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0... | S | |
CVE-2005-2345 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2005-2346 | Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via... | S | |
CVE-2005-2348 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2005-2349 | Zoo 2.10 has Directory traversal... | E | |
CVE-2005-2350 | Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitra... | E | |
CVE-2005-2351 | Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests ... | | |
CVE-2005-2352 | A race condition in temp files was found in gs-gpl before 8.56 addons scripts.... | | |
CVE-2005-2353 | run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arb... | | |
CVE-2005-2354 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.... | E | |
CVE-2005-2355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2335, CVE-2005-2356. Reaso... | R | |
CVE-2005-2357 | Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to rea... | | |
CVE-2005-2358 | EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP r... | E S | |
CVE-2005-2359 | The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without oth... | S | |
CVE-2005-2360 | Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attacker... | S | |
CVE-2005-2361 | Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP... | S | |
CVE-2005-2362 | Unknown vulnerability in several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers t... | S | |
CVE-2005-2363 | Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector... | S | |
CVE-2005-2364 | Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.2... | S | |
CVE-2005-2365 | Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers... | S | |
CVE-2005-2366 | Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a de... | S | |
CVE-2005-2367 | Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, a... | S | |
CVE-2005-2368 | vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute a... | E S | |
CVE-2005-2369 | Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may ... | | |
CVE-2005-2370 | Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and ... | | |
CVE-2005-2371 | Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to ... | | |
CVE-2005-2372 | Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as... | E | |
CVE-2005-2373 | Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary cod... | | |
CVE-2005-2374 | Belkin 54g wireless routers do not properly set an administrative password, which allows remote atta... | | |
CVE-2005-2375 | Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denia... | E | |
CVE-2005-2376 | Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service... | E | |
CVE-2005-2377 | nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and oth... | S | |
CVE-2005-2378 | Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files ... | E | |
CVE-2005-2379 | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers t... | E | |
CVE-2005-2380 | Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject ... | | |
CVE-2005-2381 | PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1... | | |
CVE-2005-2382 | Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the ... | E | |
CVE-2005-2383 | SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrar... | S | |
CVE-2005-2384 | Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in ava... | S | |
CVE-2005-2385 | Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home... | S | |
CVE-2005-2386 | Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to ... | E | |
CVE-2005-2387 | Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 allow remote attackers to execute... | E | |
CVE-2005-2388 | Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute a... | | |
CVE-2005-2389 | NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG mess... | | |
CVE-2005-2390 | Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial ... | | |
CVE-2005-2391 | Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote a... | S | |
CVE-2005-2392 | Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote att... | S | |
CVE-2005-2393 | Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitra... | E | |
CVE-2005-2394 | show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an... | E | |
CVE-2005-2395 | Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication sche... | E | |
CVE-2005-2396 | Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to i... | S | |
CVE-2005-2397 | Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to... | E | |
CVE-2005-2398 | Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allow remote attackers to execute arbit... | | |
CVE-2005-2399 | PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse... | | |
CVE-2005-2400 | The inc.login.php scripts in PHPFinance 0.3 allow remote attackers to bypass the login and gain pri... | S | |
CVE-2005-2401 | PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode c... | | |
CVE-2005-2402 | Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attacke... | E | |
CVE-2005-2403 | The login protocol in RealChat 3.5.1b does not use authentication, which allows remote attackers to ... | E | |
CVE-2005-2404 | SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows remote attackers to execute arb... | | |
CVE-2005-2405 | Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle e... | S | |
CVE-2005-2406 | Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which fil... | S | |
CVE-2005-2407 | A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by... | S | |
CVE-2005-2408 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2005-2409 | Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allow... | S | |
CVE-2005-2410 | Format string vulnerability in the nm_info_handler function in Network Manager may allow remote atta... | | |
CVE-2005-2411 | Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allow... | | |
CVE-2005-2412 | PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to exe... | | |
CVE-2005-2413 | PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows... | | |
CVE-2005-2414 | Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and... | | |
CVE-2005-2415 | Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute ar... | E S | |
CVE-2005-2416 | Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers ... | E S | |
CVE-2005-2417 | Contrexx before 1.0.5 allows remote attackers to obtain sensitive information via a direct request t... | E S | |
CVE-2005-2418 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2403. Reason: This candida... | R | |
CVE-2005-2419 | B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access vi... | | |
CVE-2005-2420 | flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metach... | | |
CVE-2005-2421 | Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote at... | | |
CVE-2005-2422 | Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to in... | | |
CVE-2005-2423 | Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri o... | | |
CVE-2005-2424 | The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products... | E | |
CVE-2005-2425 | Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute ... | | |
CVE-2005-2426 | FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application cra... | | |
CVE-2005-2427 | Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to injec... | | |
CVE-2005-2428 | Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data f... | E | |
CVE-2005-2429 | Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sect... | | |
CVE-2005-2430 | Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject a... | | |
CVE-2005-2431 | The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on ... | | |
CVE-2005-2432 | SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id a... | | |
CVE-2005-2433 | PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.ph... | | |
CVE-2005-2434 | Linksys WRT54G router uses the same private key and certificate for every router, which allows remot... | | |
CVE-2005-2435 | Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attack... | | |
CVE-2005-2436 | browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a direc... | | |
CVE-2005-2437 | Website Baker Project does not properly verify the file extensions of uploaded files, which allows r... | | |
CVE-2005-2438 | Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to injec... | S | |
CVE-2005-2439 | SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows re... | S | |
CVE-2005-2440 | SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attacker... | | |
CVE-2005-2441 | Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbit... | | |
CVE-2005-2442 | Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote att... | E | |
CVE-2005-2443 | Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control,... | | |
CVE-2005-2444 | Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world ... | | |
CVE-2005-2445 | SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute ar... | | |
CVE-2005-2446 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2369. Reason: This candida... | R | |
CVE-2005-2447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2370. Reason: This candida... | R | |
CVE-2005-2448 | Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denia... | | |
CVE-2005-2449 | Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files vi... | S | |
CVE-2005-2450 | Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav ... | S | |
CVE-2005-2451 | Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a l... | S | |
CVE-2005-2452 | libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a T... | | |
CVE-2005-2453 | Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.1... | S | |
CVE-2005-2454 | IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Fu... | | |
CVE-2005-2455 | Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to... | E S | |
CVE-2005-2456 | Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows... | S | |
CVE-2005-2457 | The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local... | | |
CVE-2005-2458 | inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause ... | S | |
CVE-2005-2459 | The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 return... | | |
CVE-2005-2460 | Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attacker... | E | |
CVE-2005-2461 | Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remo... | | |
CVE-2005-2462 | Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which... | | |
CVE-2005-2463 | Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request... | E | |
CVE-2005-2464 | login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by ... | | |
CVE-2005-2465 | Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inje... | | |
CVE-2005-2466 | Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allo... | E | |
CVE-2005-2467 | Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote ... | E S | |
CVE-2005-2468 | Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to ... | E S | |
CVE-2005-2469 | Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions... | S | |
CVE-2005-2470 | Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 t... | S | |
CVE-2005-2471 | pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a P... | | |
CVE-2005-2472 | Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of servic... | E S | |
CVE-2005-2473 | Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL... | | |
CVE-2005-2474 | ChurchInfo allows remote attackers to obtain sensitive information via the PersonID paramete... | | |
CVE-2005-2475 | Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard ... | | |
CVE-2005-2476 | Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows rem... | | |
CVE-2005-2477 | shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive in... | | |
CVE-2005-2478 | SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL com... | E S | |
CVE-2005-2479 | Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash... | | |
CVE-2005-2480 | Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inje... | E | |
CVE-2005-2481 | ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuse... | | |
CVE-2005-2482 | The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the... | S | |
CVE-2005-2483 | Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary ... | S | |
CVE-2005-2484 | Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute ... | S | |
CVE-2005-2485 | Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote at... | S | |
CVE-2005-2486 | SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to e... | E | |
CVE-2005-2487 | Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.... | S | |
CVE-2005-2488 | Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attacke... | E | |
CVE-2005-2489 | Web Content Management News System allows remote attackers to create arbitrary accounts and gain pri... | E | |
CVE-2005-2490 | Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 all... | S | |
CVE-2005-2491 | Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used... | S | |
CVE-2005-2492 | The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denia... | S | |
CVE-2005-2493 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2005-2494 | kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on l... | S | |
CVE-2005-2495 | Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrar... | | |
CVE-2005-2496 | The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify... | | |
CVE-2005-2497 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2641. Reason: This candida... | R | |
CVE-2005-2498 | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multi... | S | |
CVE-2005-2499 | slocate before 2.7 does not properly process very long paths, which allows local users to cause a de... | S | |
CVE-2005-2500 | Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Li... | S | |
CVE-2005-2501 | Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to ... | S | |
CVE-2005-2502 | Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, ... | | |
CVE-2005-2503 | AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts... | S | |
CVE-2005-2504 | The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" ... | S | |
CVE-2005-2505 | Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via ... | S | |
CVE-2005-2506 | Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attacker... | S | |
CVE-2005-2507 | Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execu... | S | |
CVE-2005-2508 | dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user account... | S | |
CVE-2005-2509 | Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is ena... | S | |
CVE-2005-2510 | The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets... | S | |
CVE-2005-2511 | Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, ... | S | |
CVE-2005-2512 | Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote ima... | S | |
CVE-2005-2513 | Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure inpu... | S | |
CVE-2005-2514 | Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.... | S | |
CVE-2005-2515 | Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visu... | S | |
CVE-2005-2516 | Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly acce... | S | |
CVE-2005-2517 | Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that ... | S | |
CVE-2005-2518 | Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbit... | S | |
CVE-2005-2519 | slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows... | S | |
CVE-2005-2520 | The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the sa... | S | |
CVE-2005-2521 | Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via un... | S | |
CVE-2005-2522 | Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the norm... | S | |
CVE-2005-2523 | Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allo... | S | |
CVE-2005-2524 | Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via ... | S | |
CVE-2005-2525 | CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple s... | S | |
CVE-2005-2526 | CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consump... | S | |
CVE-2005-2527 | Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt ... | | |
CVE-2005-2528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2005-2529 | Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users ... | | |
CVE-2005-2530 | Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet... | | |
CVE-2005-2531 | OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly f... | S | |
CVE-2005-2532 | OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decryp... | S | |
CVE-2005-2533 | OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated ... | S | |
CVE-2005-2534 | Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers ... | S | |
CVE-2005-2535 | Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remot... | E S | |
CVE-2005-2536 | pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract ... | S | |
CVE-2005-2537 | FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information... | E | |
CVE-2005-2538 | FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information... | E | |
CVE-2005-2539 | Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions ... | E | |
CVE-2005-2540 | CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers... | E | |
CVE-2005-2541 | Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow l... | | |
CVE-2005-2542 | Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via ... | E | |
CVE-2005-2543 | Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attacker... | E | |
CVE-2005-2544 | PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attacker... | | |
CVE-2005-2545 | Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to i... | | |
CVE-2005-2546 | Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (... | | |
CVE-2005-2547 | security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary comma... | S | |
CVE-2005-2548 | vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of serv... | E | |
CVE-2005-2549 | Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to ca... | | |
CVE-2005-2550 | Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a deni... | | |
CVE-2005-2551 | Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to ... | S | |
CVE-2005-2552 | Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware befo... | | |
CVE-2005-2553 | The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly han... | E | |
CVE-2005-2554 | The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permi... | E | |
CVE-2005-2555 | Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN c... | | |
CVE-2005-2556 | core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remo... | S | |
CVE-2005-2557 | Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allo... | E S | |
CVE-2005-2558 | Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13,... | S | |
CVE-2005-2559 | doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbit... | S | |
CVE-2005-2560 | Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to injec... | | |
CVE-2005-2561 | Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL ... | | |
CVE-2005-2562 | SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrar... | E | |
CVE-2005-2563 | Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attack... | E | |
CVE-2005-2564 | Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote... | | |
CVE-2005-2565 | Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the... | | |
CVE-2005-2566 | Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to exe... | | |
CVE-2005-2567 | PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execu... | S | |
CVE-2005-2568 | Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attac... | S | |
CVE-2005-2569 | Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versio... | | |
CVE-2005-2570 | FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive informa... | | |
CVE-2005-2571 | FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/... | | |
CVE-2005-2572 | MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysq... | | |
CVE-2005-2573 | The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and... | S | |
CVE-2005-2574 | xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attacker... | | |
CVE-2005-2575 | SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arb... | | |
CVE-2005-2576 | CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information... | | |
CVE-2005-2577 | Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial o... | | |
CVE-2005-2578 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2552. Reason: This candida... | R | |
CVE-2005-2579 | Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication,... | | |
CVE-2005-2580 | Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow ... | | |
CVE-2005-2581 | Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows rem... | | |
CVE-2005-2582 | Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) l... | E S | |
CVE-2005-2583 | Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP po... | | |
CVE-2005-2584 | The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set... | | |
CVE-2005-2585 | Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of ser... | | |
CVE-2005-2586 | Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleart... | | |
CVE-2005-2587 | SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers t... | | |
CVE-2005-2588 | Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attack... | E | |
CVE-2005-2589 | Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKI... | | |
CVE-2005-2590 | Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote a... | | |
CVE-2005-2591 | Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vec... | | |
CVE-2005-2592 | Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass ... | | |
CVE-2005-2593 | Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vector... | | |
CVE-2005-2594 | Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash... | E | |
CVE-2005-2595 | Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to... | S | |
CVE-2005-2596 | User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to a... | S | |
CVE-2005-2597 | AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local user... | | |
CVE-2005-2598 | Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allo... | | |
CVE-2005-2599 | Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's pa... | | |
CVE-2005-2600 | FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupw... | S | |
CVE-2005-2601 | SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands vi... | E | |
CVE-2005-2602 | Mozilla Thunderbird 1.0 and Firefox 1.0.6 allow remote attackers to obfuscate URIs via a long URI, ... | E | |
CVE-2005-2603 | Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig) 1.4.1 allows remot... | E S | |
CVE-2005-2604 | index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to obtain the web server path vi... | E S | |
CVE-2005-2605 | Unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 allows attackers to bypass authent... | S | |
CVE-2005-2606 | Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and at... | S | |
CVE-2005-2607 | PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 al... | E S | |
CVE-2005-2608 | SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote... | S | |
CVE-2005-2609 | index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain th... | E | |
CVE-2005-2610 | Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other ve... | E | |
CVE-2005-2611 | VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.... | E S | |
CVE-2005-2612 | Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to exec... | E | |
CVE-2005-2613 | Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP... | S | |
CVE-2005-2614 | Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which all... | E | |
CVE-2005-2615 | Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, po... | S | |
CVE-2005-2616 | Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrar... | E | |
CVE-2005-2617 | The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x... | | |
CVE-2005-2618 | Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as use... | S | |
CVE-2005-2619 | Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.... | S | |
CVE-2005-2620 | grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory... | S | |
CVE-2005-2621 | index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min ... | | |
CVE-2005-2622 | Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to i... | | |
CVE-2005-2623 | ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying... | | |
CVE-2005-2624 | Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code ... | | |
CVE-2005-2625 | Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers ... | | |
CVE-2005-2626 | Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown imp... | | |
CVE-2005-2627 | Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary ... | | |
CVE-2005-2628 | Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF fil... | S | |
CVE-2005-2629 | Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Playe... | S | |
CVE-2005-2630 | Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2... | S | |
CVE-2005-2631 | Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authen... | S | |
CVE-2005-2632 | SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows rem... | | |
CVE-2005-2633 | Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) ... | E | |
CVE-2005-2634 | Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows... | E | |
CVE-2005-2635 | Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote att... | E S | |
CVE-2005-2636 | SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows... | S | |
CVE-2005-2637 | Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to exe... | E | |
CVE-2005-2638 | Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote att... | E | |
CVE-2005-2639 | Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause ... | E | |
CVE-2005-2640 | Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier,... | E | |
CVE-2005-2641 | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control,... | | |
CVE-2005-2642 | Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attacker... | E S | |
CVE-2005-2643 | Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certa... | S | |
CVE-2005-2644 | Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl allows remote attackers to cause... | E | |
CVE-2005-2645 | Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 34... | S | |
CVE-2005-2646 | Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 34... | S | |
CVE-2005-2647 | Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 thro... | S | |
CVE-2005-2648 | Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers ... | E | |
CVE-2005-2649 | Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary... | E | |
CVE-2005-2650 | Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers ... | S | |
CVE-2005-2651 | gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacte... | E | |
CVE-2005-2652 | Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) go... | E | |
CVE-2005-2653 | Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary ... | E | |
CVE-2005-2654 | phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even... | S | |
CVE-2005-2655 | lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows l... | S | |
CVE-2005-2656 | Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which al... | S | |
CVE-2005-2657 | Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileg... | S | |
CVE-2005-2658 | Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remot... | S | |
CVE-2005-2659 | Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmV... | S | |
CVE-2005-2660 | apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to ... | S | |
CVE-2005-2661 | Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.... | S | |
CVE-2005-2662 | masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addr... | S | |
CVE-2005-2663 | masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log... | S | |
CVE-2005-2664 | Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allow... | | |
CVE-2005-2665 | Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, al... | S | |
CVE-2005-2666 | SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP a... | S | |
CVE-2005-2667 | Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Bui... | S | |
CVE-2005-2668 | Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before... | S | |
CVE-2005-2669 | Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 befor... | | |
CVE-2005-2670 | Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advance... | S | |
CVE-2005-2671 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2041. Reason: This candida... | R | |
CVE-2005-2672 | pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to... | | |
CVE-2005-2673 | SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote auth... | E | |
CVE-2005-2674 | Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Lan... | E | |
CVE-2005-2675 | Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under ... | E | |
CVE-2005-2676 | Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.... | S | |
CVE-2005-2677 | ACNews stores the database in a file under the web document root with a db.inc extension and insuffi... | | |
CVE-2005-2678 | Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security... | | |
CVE-2005-2679 | Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local ... | E | |
CVE-2005-2680 | Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows re... | S | |
CVE-2005-2681 | Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention S... | S | |
CVE-2005-2682 | aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers ... | S | |
CVE-2005-2683 | Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary S... | E | |
CVE-2005-2684 | nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via s... | E | |
CVE-2005-2685 | SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admi... | E | |
CVE-2005-2686 | Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary ... | E | |
CVE-2005-2687 | PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbi... | E | |
CVE-2005-2688 | Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to i... | E | |
CVE-2005-2689 | Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers t... | E | |
CVE-2005-2690 | SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administr... | E | |
CVE-2005-2691 | includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP... | | |
CVE-2005-2692 | Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute a... | E | |
CVE-2005-2693 | cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to ov... | S | |
CVE-2005-2694 | Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute... | | |
CVE-2005-2695 | Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Manageme... | S | |
CVE-2005-2696 | IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB)... | E | |
CVE-2005-2697 | SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 throug... | | |
CVE-2005-2698 | Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows rem... | | |
CVE-2005-2699 | Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticate... | | |
CVE-2005-2700 | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global vi... | | |
CVE-2005-2701 | Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att... | | |
CVE-2005-2702 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of se... | | |
CVE-2005-2703 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers ... | | |
CVE-2005-2704 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects vi... | S | |
CVE-2005-2705 | Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 mi... | | |
CVE-2005-2706 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute Javascript w... | | |
CVE-2005-2707 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows withou... | S | |
CVE-2005-2708 | The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does no... | E | |
CVE-2005-2709 | The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a de... | | |
CVE-2005-2710 | Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute... | | |
CVE-2005-2711 | ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, ... | | |
CVE-2005-2712 | The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote att... | S | |
CVE-2005-2713 | passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local ... | E S | |
CVE-2005-2714 | passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local ... | E S | |
CVE-2005-2715 | Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetB... | E S | |
CVE-2005-2716 | The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 all... | E S | |
CVE-2005-2717 | PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execu... | S | |
CVE-2005-2718 | Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitr... | S | |
CVE-2005-2719 | Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash... | E | |
CVE-2005-2720 | Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Vir... | S | |
CVE-2005-2721 | Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP ... | E | |
CVE-2005-2722 | Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request t... | | |
CVE-2005-2723 | SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows r... | E S | |
CVE-2005-2724 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitr... | | |
CVE-2005-2725 | The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check ... | E | |
CVE-2005-2726 | Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read... | | |
CVE-2005-2727 | Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory... | | |
CVE-2005-2728 | The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of servi... | S | |
CVE-2005-2729 | The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localh... | | |
CVE-2005-2730 | The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information ... | | |
CVE-2005-2731 | Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote aut... | | |
CVE-2005-2732 | AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information ... | | |
CVE-2005-2733 | upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploa... | | |
CVE-2005-2734 | Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to... | S | |
CVE-2005-2735 | Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to ... | S | |
CVE-2005-2736 | Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject... | | |
CVE-2005-2737 | Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject ... | | |
CVE-2005-2738 | Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening ... | | |
CVE-2005-2739 | Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out... | S | |
CVE-2005-2740 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2005-2741 | Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges ... | S | |
CVE-2005-2742 | SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." ... | S | |
CVE-2005-2743 | The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets ... | S | |
CVE-2005-2744 | Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such ... | S | |
CVE-2005-2745 | Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can inclu... | S | |
CVE-2005-2746 | Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-repl... | S | |
CVE-2005-2747 | Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Sa... | S | |
CVE-2005-2748 | The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users ... | S | |
CVE-2005-2749 | Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder... | S | |
CVE-2005-2750 | Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without ask... | S | |
CVE-2005-2751 | memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access co... | S | |
CVE-2005-2752 | An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before... | S | |
CVE-2005-2753 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary... | S | |
CVE-2005-2754 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary... | S | |
CVE-2005-2755 | Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (cra... | S | |
CVE-2005-2756 | Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrar... | S | |
CVE-2005-2757 | Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows ... | S | |
CVE-2005-2758 | Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and ... | S | |
CVE-2005-2759 | ** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh run... | S | |
CVE-2005-2761 | Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject ... | S | |
CVE-2005-2762 | Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attack... | S | |
CVE-2005-2763 | Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a d... | S | |
CVE-2005-2764 | Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (cr... | S | |
CVE-2005-2765 | The user interface in the Windows Firewall does not properly display certain malformed entries in th... | | |
CVE-2005-2766 | Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtainin... | | |
CVE-2005-2767 | Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string ... | E S | |
CVE-2005-2768 | Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage... | | |
CVE-2005-2769 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remot... | E S | |
CVE-2005-2770 | WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not pro... | S | |
CVE-2005-2771 | WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes ac... | S | |
CVE-2005-2772 | Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote ma... | E | |
CVE-2005-2773 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary comma... | KEV E | |
CVE-2005-2774 | Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a de... | | |
CVE-2005-2775 | php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_c... | E | |
CVE-2005-2776 | Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers... | E | |
CVE-2005-2777 | Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacter... | E | |
CVE-2005-2778 | SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execu... | E | |
CVE-2005-2779 | The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-t... | E | |
CVE-2005-2780 | Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject ... | | |
CVE-2005-2781 | The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which a... | S | |
CVE-2005-2782 | PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote att... | E | |
CVE-2005-2783 | Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers ... | E | |
CVE-2005-2784 | SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.... | | |
CVE-2005-2785 | cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local user... | | |
CVE-2005-2786 | Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remot... | | |
CVE-2005-2787 | comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the ... | E | |
CVE-2005-2788 | Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attacke... | E | |
CVE-2005-2789 | BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows rem... | E | |
CVE-2005-2790 | BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on ... | E | |
CVE-2005-2791 | BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows rem... | E | |
CVE-2005-2792 | Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attac... | E | |
CVE-2005-2793 | PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote... | E | |
CVE-2005-2794 | store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (cras... | | |
CVE-2005-2795 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2005-2796 | The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers t... | S | |
CVE-2005-2797 | OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" o... | S | |
CVE-2005-2798 | sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to ... | S | |
CVE-2005-2799 | Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4... | S | |
CVE-2005-2800 | Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.1... | | |
CVE-2005-2801 | xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the nam... | E S | |
CVE-2005-2802 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2872, CVE-2005-2873. Reaso... | R | |
CVE-2005-2803 | Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject ar... | S | |
CVE-2005-2804 | Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier versions, allo... | E S | |
CVE-2005-2805 | forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the f... | | |
CVE-2005-2806 | client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denia... | E | |
CVE-2005-2807 | frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuratio... | E | |
CVE-2005-2808 | frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to byp... | | |
CVE-2005-2809 | silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users... | S | |
CVE-2005-2810 | Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via... | S | |
CVE-2005-2811 | Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certa... | | |
CVE-2005-2812 | man2web allows remote attackers to execute arbitrary commands via -P arguments.... | E | |
CVE-2005-2813 | Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to ... | E | |
CVE-2005-2814 | Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitra... | E | |
CVE-2005-2815 | print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure... | E | |
CVE-2005-2816 | Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary w... | | |
CVE-2005-2817 | Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allo... | E | |
CVE-2005-2818 | Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary... | | |
CVE-2005-2819 | DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) up... | | |
CVE-2005-2820 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitr... | S | |
CVE-2005-2827 | The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local... | S | |
CVE-2005-2829 | Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers... | S | |
CVE-2005-2830 | Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic A... | S | |
CVE-2005-2831 | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (a... | S | |
CVE-2005-2836 | Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attac... | E S | |
CVE-2005-2837 | Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote atta... | S | |
CVE-2005-2838 | SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers... | S | |
CVE-2005-2839 | Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers t... | S | |
CVE-2005-2840 | Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspeci... | S | |
CVE-2005-2841 | Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH... | | |
CVE-2005-2842 | Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to... | E S | |
CVE-2005-2843 | Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote at... | S | |
CVE-2005-2844 | Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denia... | E | |
CVE-2005-2845 | Ariba Spend Management System sends the username and password to the server in plaintext in a POST r... | | |
CVE-2005-2846 | PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remot... | E S | |
CVE-2005-2847 | img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to exec... | E S | |
CVE-2005-2848 | Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3... | E S | |
CVE-2005-2849 | Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allow... | S | |
CVE-2005-2850 | SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and ... | E | |
CVE-2005-2851 | smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink a... | S | |
CVE-2005-2852 | Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote atta... | S | |
CVE-2005-2853 | Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attacke... | S | |
CVE-2005-2854 | CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allo... | S | |
CVE-2005-2855 | Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to ... | E | |
CVE-2005-2856 | Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0... | S | |
CVE-2005-2857 | Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).... | E | |
CVE-2005-2858 | The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7.0 allows remote attackers to r... | E | |
CVE-2005-2859 | Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allow... | E | |
CVE-2005-2860 | Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject... | E S | |
CVE-2005-2861 | Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Ed... | E S | |
CVE-2005-2862 | ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote ... | | |
CVE-2005-2863 | Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote at... | | |
CVE-2005-2864 | URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high s... | S | |
CVE-2005-2865 | Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to ex... | | |
CVE-2005-2866 | Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles re... | E | |
CVE-2005-2867 | SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL command... | | |
CVE-2005-2868 | ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows loca... | E | |
CVE-2005-2869 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attacker... | E | |
CVE-2005-2870 | Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execu... | | |
CVE-2005-2871 | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier,... | E | |
CVE-2005-2872 | The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit pr... | S | |
CVE-2005-2873 | The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly per... | S | |
CVE-2005-2874 | The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remo... | E S | |
CVE-2005-2875 | Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play ... | | |
CVE-2005-2876 | umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-uti... | | |
CVE-2005-2877 | The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to ... | E S | |
CVE-2005-2878 | Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote auth... | E S | |
CVE-2005-2879 | Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwo... | E | |
CVE-2005-2880 | Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions,... | E | |
CVE-2005-2881 | phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized ac... | E | |
CVE-2005-2882 | Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earl... | E | |
CVE-2005-2883 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2855. Reason: This candida... | R | |
CVE-2005-2884 | Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allo... | E | |
CVE-2005-2885 | The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blackl... | E | |
CVE-2005-2886 | Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier ve... | E | |
CVE-2005-2887 | MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive inf... | E | |
CVE-2005-2888 | Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote atta... | | |
CVE-2005-2889 | Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rul... | | |
CVE-2005-2890 | SecureOL VE2 1.05.1008 does not properly restrict public access to physical memory, which allows loc... | E S | |
CVE-2005-2891 | WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by defaul... | E | |
CVE-2005-2892 | Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, al... | E | |
CVE-2005-2893 | Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier ver... | E | |
CVE-2005-2894 | Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earli... | | |
CVE-2005-2895 | setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensi... | E | |
CVE-2005-2896 | SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL comman... | E | |
CVE-2005-2897 | WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files ... | | |
CVE-2005-2898 | NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlie... | E | |
CVE-2005-2899 | Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote at... | | |
CVE-2005-2900 | Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inje... | | |
CVE-2005-2901 | Multiple cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inje... | | |
CVE-2005-2902 | SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbi... | E | |
CVE-2005-2903 | Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enable... | E S | |
CVE-2005-2904 | Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial... | E S | |
CVE-2005-2912 | Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and serv... | | |
CVE-2005-2913 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2799. Reason: This candida... | R | |
CVE-2005-2914 | ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and pos... | | |
CVE-2005-2915 | ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and pos... | | |
CVE-2005-2916 | Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify u... | S | |
CVE-2005-2917 | Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certa... | S | |
CVE-2005-2918 | The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwr... | | |
CVE-2005-2919 | libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of ... | S | |
CVE-2005-2920 | Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to... | S | |
CVE-2005-2922 | Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions inc... | E S | |
CVE-2005-2923 | The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote... | S | |
CVE-2005-2925 | runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary command... | S | |
CVE-2005-2926 | Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local user... | S | |
CVE-2005-2927 | Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, a... | S | |
CVE-2005-2929 | Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary comm... | S | |
CVE-2005-2930 | Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, a... | S | |
CVE-2005-2931 | Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite... | S | |
CVE-2005-2932 | Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite... | | |
CVE-2005-2933 | Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW... | S | |
CVE-2005-2934 | Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privi... | S | |
CVE-2005-2935 | Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execu... | E | |
CVE-2005-2936 | Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.1... | | |
CVE-2005-2937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3663, CVE-2005-3664. Reaso... | R | |
CVE-2005-2938 | Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for W... | | |
CVE-2005-2939 | Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local... | | |
CVE-2005-2940 | Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow loc... | | |
CVE-2005-2942 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has be... | R | |
CVE-2005-2943 | Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbi... | S | |
CVE-2005-2944 | The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows l... | S | |
CVE-2005-2945 | arc 5.21j and earlier create temporary files with world-readable permissions, which allows local use... | | |
CVE-2005-2946 | The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a... | | |
CVE-2005-2947 | Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary ... | E | |
CVE-2005-2948 | KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multip... | | |
CVE-2005-2949 | pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and... | S | |
CVE-2005-2950 | Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to ... | E | |
CVE-2005-2951 | Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier ... | E | |
CVE-2005-2952 | Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote at... | E S | |
CVE-2005-2953 | Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers ... | E | |
CVE-2005-2954 | SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attack... | E S | |
CVE-2005-2955 | config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check... | E | |
CVE-2005-2956 | ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root ... | E | |
CVE-2005-2957 | Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when... | S | |
CVE-2005-2958 | Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 a... | S | |
CVE-2005-2959 | Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges v... | E S | |
CVE-2005-2960 | cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on te... | S | |
CVE-2005-2961 | Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the... | S | |
CVE-2005-2962 | The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the config... | S | |
CVE-2005-2963 | The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow au... | S | |
CVE-2005-2964 | Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via ... | S | |
CVE-2005-2965 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reaso... | R | |
CVE-2005-2966 | The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attack... | E | |
CVE-2005-2967 | Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1... | E S | |
CVE-2005-2968 | Firefox 1.0.6 and Mozilla 1.7.10 allow attackers to execute arbitrary commands via shell metacharac... | S | |
CVE-2005-2969 | The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using... | S | |
CVE-2005-2970 | Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attac... | | |
CVE-2005-2971 | Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote a... | E S | |
CVE-2005-2972 | Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-... | E S | |
CVE-2005-2973 | The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows loca... | | |
CVE-2005-2974 | libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file t... | | |
CVE-2005-2975 | io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to caus... | S | |
CVE-2005-2976 | Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a d... | S | |
CVE-2005-2977 | The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessin... | S | |
CVE-2005-2978 | pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index var... | E | |
CVE-2005-2979 | SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attacker... | E | |
CVE-2005-2980 | Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allow... | E | |
CVE-2005-2981 | Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject ... | | |
CVE-2005-2982 | Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject a... | | |
CVE-2005-2983 | SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to... | E | |
CVE-2005-2984 | Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to byp... | E S | |
CVE-2005-2985 | SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allow... | E | |
CVE-2005-2986 | The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3N... | S | |
CVE-2005-2987 | SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute ar... | E | |
CVE-2005-2988 | HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about ... | | |
CVE-2005-2989 | Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute a... | E S | |
CVE-2005-2990 | AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sensitive information such as user... | S | |
CVE-2005-2991 | ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on ... | | |
CVE-2005-2992 | arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on tempor... | S | |
CVE-2005-2993 | Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up ... | S | |
CVE-2005-2994 | Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, a... | | |
CVE-2005-2995 | bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks o... | S | |
CVE-2005-2996 | Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS St... | E S | |
CVE-2005-2997 | Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote atta... | E | |
CVE-2005-2998 | PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows r... | E | |
CVE-2005-2999 | PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration inf... | | |