CVE List - 2005 / April
Showing 401 - 500 of 506 CVEs for April 2005 (Page 5 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2005-1229 | 2005-04-22 | Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. |
| CVE-2005-1230 | 2005-04-22 | Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request." |
| CVE-2005-0135 | 2005-04-24 | The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash). |
| CVE-2005-0137 | 2005-04-24 | Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry." |
| CVE-2005-0754 | 2005-04-24 | Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. |
| CVE-2005-1231 | 2005-04-24 | Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. |
| CVE-2005-1232 | 2005-04-24 | Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2005-1233 | 2005-04-24 | Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters. |
| CVE-2005-1234 | 2005-04-24 | Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. |
| CVE-2005-1235 | 2005-04-24 | auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. |
| CVE-2005-1236 | 2005-04-24 | Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData... |
| CVE-2005-1237 | 2005-04-24 | SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. |
| CVE-2005-1238 | 2005-04-24 | By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases,... |
| CVE-2005-1239 | 2005-04-24 | Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib,... |
| CVE-2005-1240 | 2005-04-24 | Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib,... |
| CVE-2005-1241 | 2005-04-24 | Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib,... |
| CVE-2005-1242 | 2005-04-24 | Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib,... |
| CVE-2005-1243 | 2005-04-24 | Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib,... |
| CVE-2005-1244 | 2005-04-24 | Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib,... |
| CVE-2005-1245 | 2005-04-24 | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2005-1192 | 2005-04-25 | Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the... |
| CVE-2005-1246 | 2005-04-25 | Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format... |
| CVE-2005-1247 | 2005-04-25 | webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using... |
| CVE-2004-1077 | 2005-04-26 | Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a... |
| CVE-2004-1078 | 2005-04-26 | Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to... |
| CVE-2005-0684 | 2005-04-26 | Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter... |
| CVE-2005-1275 | 2005-04-26 | Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with... |
| CVE-2005-1278 | 2005-04-26 | The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using... |
| CVE-2005-1279 | 2005-04-26 | tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2)... |
| CVE-2005-1280 | 2005-04-26 | The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. |
| CVE-2005-1282 | 2005-04-26 | Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag,... |
| CVE-2005-1283 | 2005-04-26 | Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy... |
| CVE-2005-1284 | 2005-04-26 | The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a... |
| CVE-2005-1285 | 2005-04-26 | Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter. |
| CVE-2005-1286 | 2005-04-26 | Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the... |
| CVE-2005-1287 | 2005-04-26 | Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3)... |
| CVE-2005-1288 | 2005-04-26 | inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. |
| CVE-2005-1289 | 2005-04-26 | index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. |
| CVE-2005-1290 | 2005-04-26 | Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter... |
| CVE-2005-1291 | 2005-04-26 | Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4)... |
| CVE-2005-1292 | 2005-04-26 | Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect... |
| CVE-2005-1293 | 2005-04-26 | Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or... |
| CVE-2005-1294 | 2005-04-26 | The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as... |
| CVE-2005-1295 | 2005-04-26 | include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2005-1296 | 2005-04-26 | include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| CVE-2005-1297 | 2005-04-26 | Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
| CVE-2005-1298 | 2005-04-26 | The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2005-1299 | 2005-04-26 | The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| CVE-2005-1300 | 2005-04-26 | Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
| CVE-2005-1301 | 2005-04-26 | nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files. |
| CVE-2005-1302 | 2005-04-26 | SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. |
| CVE-2005-1303 | 2005-04-26 | The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2005-1304 | 2005-04-26 | The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument. |
| CVE-2005-1305 | 2005-04-26 | The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2005-1274 | 2005-04-26 | Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a... |
| CVE-2005-1281 | 2005-04-26 | Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. |
| CVE-2002-1658 | 2005-04-27 | Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and... |
| CVE-2005-1309 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text. |
| CVE-2005-1310 | 2005-04-27 | SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. |
| CVE-2005-1311 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2005-1312 | 2005-04-27 | PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. |
| CVE-2005-1313 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1314 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1315 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1316 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1317 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1318 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1319 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1320 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1321 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1322 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2005-1323 | 2005-04-27 | Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2005-1324 | 2005-04-27 | Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters. |
| CVE-2005-1325 | 2005-04-27 | set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter. |
| CVE-2005-1326 | 2005-04-27 | Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet. |
| CVE-2005-1328 | 2005-04-27 | OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp. |
| CVE-2005-1329 | 2005-04-27 | owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter. |
| CVE-2005-1344 | 2005-04-27 | Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid... |
| CVE-2004-1342 | 2005-04-27 | CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. |
| CVE-2004-1343 | 2005-04-27 | CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to... |
| CVE-2005-1308 | 2005-04-27 | SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. |
| CVE-2005-1327 | 2005-04-27 | Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter. |
| CVE-2005-1270 | 2005-04-28 | The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink... |
| CVE-2005-1345 | 2005-04-28 | Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended... |
| CVE-2005-1346 | 2005-04-28 | Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail... |
| CVE-2005-1347 | 2005-04-28 | ** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause... |
| CVE-2005-1348 | 2005-04-28 | Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header. |
| CVE-2005-1349 | 2005-04-28 | Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. |
| CVE-2005-1350 | 2005-04-28 | The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2005-1351 | 2005-04-28 | The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| CVE-2005-1352 | 2005-04-28 | Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
| CVE-2005-1353 | 2005-04-28 | The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2005-1354 | 2005-04-28 | The forum.pl script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| CVE-2005-1355 | 2005-04-28 | includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801. |
| CVE-2005-1356 | 2005-04-28 | Cross-site scripting (XSS) vulnerability in includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument. |
| CVE-2005-1357 | 2005-04-28 | text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2005-1358 | 2005-04-28 | text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| CVE-2005-1359 | 2005-04-28 | Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
| CVE-2005-1360 | 2005-04-28 | PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote... |
| CVE-2005-1361 | 2005-04-28 | Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. |