Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1546 | 1 Ht Editor | 1 Ht Editor | 2008-09-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file. | |||||
| CVE-2005-1545 | 1 Ht Editor | 1 Ht Editor | 2008-09-10 | 5.1 MEDIUM | N/A |
| Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-1430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 3.6 LOW | N/A |
| Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. | |||||
| CVE-2005-1344 | 1 Apache | 1 Http Server | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
| CVE-2005-1316 | 1 Horde | 1 Accounts | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-0926 | 1 Sylpheed | 1 Sylpheed | 2008-09-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. | |||||
| CVE-2005-0712 | 1 Apple | 1 Mac Os X | 2008-09-10 | 4.6 MEDIUM | N/A |
| Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. | |||||
| CVE-2005-0643 | 1 Mcafee | 1 Antivirus Engine | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. | |||||
| CVE-2005-0508 | 1 Apache | 1 Batik | 2008-09-10 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." | |||||
| CVE-2005-0503 | 2 Mandrakesoft, Uim | 2 Mandrake Linux, Uim | 2008-09-10 | 4.6 MEDIUM | N/A |
| uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. | |||||
| CVE-2005-0411 | 1 Citrusdb | 1 Citrusdb | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter. | |||||
| CVE-2005-0410 | 1 Citrusdb | 1 Citrusdb | 2008-09-10 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | |||||
| CVE-2005-0409 | 1 Citrusdb | 1 Citrusdb | 2008-09-10 | 6.4 MEDIUM | N/A |
| CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities. | |||||
| CVE-2005-0407 | 1 Zakon Group | 1 Openconf | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title. | |||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 6.4 MEDIUM | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
| CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | |||||
| CVE-2005-0218 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 5.0 MEDIUM | N/A |
| ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL. | |||||
| CVE-2005-0157 | 1 Smartlist | 1 Smartlist | 2008-09-10 | 7.5 HIGH | N/A |
| The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. | |||||
| CVE-2005-0133 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 5.0 MEDIUM | N/A |
| ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers. | |||||
| CVE-2005-0002 | 1 Gentoo | 1 Poppassd Pam | 2008-09-10 | 10.0 HIGH | N/A |
| poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users. | |||||