Total: 258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3687 | 1 Whm Autopilot | 1 Whm Autopilot | 2008-09-05 | 5.0 MEDIUM | N/A |
| cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. | |||||
| CVE-2005-3668 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. | |||||
| CVE-2005-3667 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. In addition, since "denial of service" is an impact and not a vulnerability, it is unknown which underlying vulnerabilities are actually covered by this particular candidate. | |||||
| CVE-2005-3666 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. | |||||
| CVE-2005-3643 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.5 HIGH | N/A |
| IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. | |||||
| CVE-2005-3642 | 1 Ibm | 1 Informix Dynamic Database Server | 2008-09-05 | 7.5 HIGH | N/A |
| IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. | |||||
| CVE-2005-3641 | 1 Oracle | 5 Database Server, Database Server Lite, Oracle10g and 2 more | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. | |||||
| CVE-2005-3630 | 1 Redhat | 1 Fedora Core | 2008-09-05 | 5.0 MEDIUM | N/A |
| Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives. | |||||
| CVE-2005-3621 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. | |||||
| CVE-2005-3540 | 1 Petris | 1 Petris | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. | |||||
| CVE-2005-3537 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | |||||
| CVE-2005-3536 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | |||||
| CVE-2005-3535 | 1 Ketm | 1 Ketm | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3495 | 1 Ar-blog | 1 Ar-blog | 2008-09-05 | 7.5 HIGH | N/A |
| Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies. | |||||
| CVE-2005-3494 | 1 Ar-blog | 1 Ar-blog | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment. | |||||
| CVE-2005-3480 | 1 Ringtail | 1 Casebook | 2008-09-05 | 5.0 MEDIUM | N/A |
| login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | |||||
| CVE-2005-3479 | 1 Ringtail | 1 Casebook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter. | |||||
| CVE-2005-3477 | 1 Invision Power Services | 1 Invision Gallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery. | |||||
| CVE-2005-3474 | 1 Sony | 1 First4internet Xcp Content Management | 2008-09-05 | 4.6 MEDIUM | N/A |
| The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | |||||
| CVE-2005-3426 | 1 Cisco | 1 Content Services Switch 11500 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. | |||||
