CVE List - 2005 / November
Showing 401 - 500 of 702 CVEs for November 2005 (Page 5 of 8)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2005-3687 | 2005-11-19 | cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. |
| CVE-2005-3694 | 2005-11-20 | centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1... |
| CVE-2004-2541 | 2005-11-20 | Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by... |
| CVE-2004-2542 | 2005-11-20 | Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored... |
| CVE-2004-2543 | 2005-11-20 | Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or... |
| CVE-2004-2544 | 2005-11-20 | Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information. |
| CVE-2005-3346 | 2005-11-20 | Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form... |
| CVE-2005-3351 | 2005-11-20 | SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. |
| CVE-2005-3354 | 2005-11-20 | Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. |
| CVE-2004-2545 | 2005-11-20 | Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might... |
| CVE-2005-2709 | 2005-11-20 | The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in... |
| CVE-2005-3528 | 2005-11-20 | Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter. |
| CVE-2005-3529 | 2005-11-20 | tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. |
| CVE-2005-3530 | 2005-11-20 | Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document. |
| CVE-2005-3695 | 2005-11-20 | Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. |
| CVE-2005-3696 | 2005-11-20 | SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php. |
| CVE-2004-2546 | 2005-11-21 | Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). |
| CVE-2004-2547 | 2005-11-21 | NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or... |
| CVE-2004-2548 | 2005-11-21 | Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the... |
| CVE-2004-2549 | 2005-11-21 | Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string,... |
| CVE-2004-2550 | 2005-11-21 | Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target... |
| CVE-2004-2551 | 2005-11-21 | Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3)... |
| CVE-2004-2552 | 2005-11-21 | Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and... |
| CVE-2004-2553 | 2005-11-21 | The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the... |
| CVE-2004-2554 | 2005-11-21 | Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using... |
| CVE-2004-2555 | 2005-11-21 | Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users... |
| CVE-2004-2556 | 2005-11-21 | NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. |
| CVE-2004-2557 | 2005-11-21 | NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. |
| CVE-2004-2558 | 2005-11-21 | Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller... |
| CVE-2005-3715 | 2005-11-21 | Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause... |
| CVE-2005-3716 | 2005-11-21 | The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain... |
| CVE-2005-3717 | 2005-11-21 | The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to... |
| CVE-2005-3718 | 2005-11-21 | UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513,... |
| CVE-2005-3719 | 2005-11-21 | Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. |
| CVE-2005-3720 | 2005-11-21 | The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. |
| CVE-2005-3721 | 2005-11-21 | The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. |
| CVE-2005-3722 | 2005-11-21 | The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials. |
| CVE-2005-3723 | 2005-11-21 | Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using... |
| CVE-2005-3724 | 2005-11-21 | Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090,... |
| CVE-2005-3725 | 2005-11-21 | Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel... |
| CVE-2005-3726 | 2005-11-21 | SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter. |
| CVE-2005-3729 | 2005-11-21 | Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html. |
| CVE-2005-3731 | 2005-11-21 | Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing." |
| CVE-2005-3697 | 2005-11-21 | Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php. |
| CVE-2005-3698 | 2005-11-21 | PHP Easy Download allows remote attackers to bypass authentication via edit.php. |
| CVE-2005-3699 | 2005-11-21 | Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a... |
| CVE-2005-3727 | 2005-11-21 | SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. |
| CVE-2005-3728 | 2005-11-21 | Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. |
| CVE-2005-3730 | 2005-11-21 | Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and... |
| CVE-2005-3632 | 2005-11-21 | Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. |
| CVE-2005-3732 | 2005-11-21 | The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null... |
| CVE-2005-2339 | 2005-11-21 | Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2005-3733 | 2005-11-21 | The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote... |
| CVE-2005-3734 | 2005-11-22 | Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username,... |
| CVE-2005-3735 | 2005-11-22 | Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id... |
| CVE-2005-3736 | 2005-11-22 | Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp,... |
| CVE-2005-3737 | 2005-11-22 | Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. |
| CVE-2003-1284 | 2005-11-22 | Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe. |
| CVE-2003-1285 | 2005-11-22 | Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2)... |
| CVE-2003-1286 | 2005-11-22 | HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface... |
| CVE-2003-1287 | 2005-11-22 | Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which... |
| CVE-2004-2559 | 2005-11-22 | DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks. |
| CVE-2004-2560 | 2005-11-22 | DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate... |
| CVE-2004-2561 | 2005-11-22 | Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more... |
| CVE-2004-2562 | 2005-11-22 | SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2004-2563 | 2005-11-22 | Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll... |
| CVE-2004-2564 | 2005-11-22 | Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2004-2565 | 2005-11-22 | Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default,... |
| CVE-2004-2566 | 2005-11-22 | Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2004-2567 | 2005-11-22 | Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID... |
| CVE-2004-2569 | 2005-11-22 | ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file. |
| CVE-2004-2570 | 2005-11-22 | Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a... |
| CVE-2004-2571 | 2005-11-22 | Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7)... |
| CVE-2004-2572 | 2005-11-22 | AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup... |
| CVE-2004-2568 | 2005-11-22 | Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and... |
| CVE-2005-3738 | 2005-11-22 | globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the... |
| CVE-2005-3739 | 2005-11-22 | Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors. |
| CVE-2005-3740 | 2005-11-22 | Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php. |
| CVE-2005-3742 | 2005-11-22 | Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter. |
| CVE-2005-3743 | 2005-11-22 | SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter. |
| CVE-2005-3744 | 2005-11-22 | SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code... |
| CVE-2005-3745 | 2005-11-22 | Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly... |
| CVE-2005-3746 | 2005-11-22 | SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| CVE-2005-3747 | 2005-11-22 | Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might... |
| CVE-2005-3748 | 2005-11-22 | SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. |
| CVE-2005-3749 | 2005-11-22 | Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors. |
| CVE-2005-3741 | 2005-11-22 | Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. |
| CVE-2005-3750 | 2005-11-22 | Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line... |
| CVE-2005-3751 | 2005-11-22 | HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting... |
| CVE-2005-3752 | 2005-11-22 | Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction". |
| CVE-2005-3753 | 2005-11-22 | Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher... |
| CVE-2005-3754 | 2005-11-22 | Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the... |
| CVE-2005-3755 | 2005-11-22 | Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style... |
| CVE-2005-3756 | 2005-11-22 | Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages... |
| CVE-2005-3757 | 2005-11-22 | The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods... |
| CVE-2005-3758 | 2005-11-22 | Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a... |
| CVE-2005-3759 | 2005-11-22 | Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do... |
| CVE-2005-3760 | 2005-11-22 | Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND). |
| CVE-2005-3761 | 2005-11-22 | Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form... |
| CVE-2005-3762 | 2005-11-22 | SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter. |