CVE List - 2005 / May
Showing 401 - 500 of 856 CVEs for May 2005 (Page 5 of 9)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2004-1999 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid... |
| CVE-2004-2000 | 2005-05-10 | SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. |
| CVE-2004-2001 | 2005-05-10 | ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received. |
| CVE-2004-2002 | 2005-05-10 | Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet. |
| CVE-2004-2003 | 2005-05-10 | Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1)... |
| CVE-2004-2004 | 2005-05-10 | The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH. |
| CVE-2004-2005 | 2005-05-10 | Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the... |
| CVE-2004-2006 | 2005-05-10 | Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. |
| CVE-2004-2007 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView... |
| CVE-2004-2008 | 2005-05-10 | SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. |
| CVE-2004-2009 | 2005-05-10 | NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a... |
| CVE-2004-2010 | 2005-05-10 | PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on... |
| CVE-2004-2011 | 2005-05-10 | msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error,... |
| CVE-2004-2012 | 2005-05-10 | The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting... |
| CVE-2004-2013 | 2005-05-10 | Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1,... |
| CVE-2004-2014 | 2005-05-10 | Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. |
| CVE-2004-2015 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags. |
| CVE-2004-2016 | 2005-05-10 | Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earlier allows remote attackers to execute arbitrary code via a long GET request. |
| CVE-2004-2017 | 2005-05-10 | Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to... |
| CVE-2004-2018 | 2005-05-10 | PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on... |
| CVE-2004-2019 | 2005-05-10 | The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. |
| CVE-2004-2020 | 2005-05-10 | Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2)... |
| CVE-2004-2021 | 2005-05-10 | Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument. |
| CVE-2004-2022 | 2005-05-10 | ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code... |
| CVE-2004-2023 | 2005-05-10 | SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2)... |
| CVE-2004-2025 | 2005-05-10 | SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. |
| CVE-2004-2026 | 2005-05-10 | Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages. |
| CVE-2004-2027 | 2005-05-10 | Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. |
| CVE-2004-2028 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. |
| CVE-2004-2029 | 2005-05-10 | The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with... |
| CVE-2004-2030 | 2005-05-10 | Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. |
| CVE-2004-2031 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. |
| CVE-2004-2032 | 2005-05-10 | Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. |
| CVE-2004-2033 | 2005-05-10 | Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. |
| CVE-2004-2034 | 2005-05-10 | Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename. |
| CVE-2004-2035 | 2005-05-10 | MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences. |
| CVE-2004-2036 | 2005-05-10 | SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter. |
| CVE-2004-2037 | 2005-05-10 | Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as... |
| CVE-2004-2038 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php,... |
| CVE-2004-2039 | 2005-05-10 | e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the... |
| CVE-2004-2040 | 2005-05-10 | Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a... |
| CVE-2004-2041 | 2005-05-10 | PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote... |
| CVE-2004-2042 | 2005-05-10 | Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php,... |
| CVE-2004-2043 | 2005-05-10 | Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of... |
| CVE-2004-2044 | 2005-05-10 | PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP... |
| CVE-2004-2045 | 2005-05-10 | The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long... |
| CVE-2004-2046 | 2005-05-10 | Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. |
| CVE-2004-2047 | 2005-05-10 | Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter. |
| CVE-2004-2048 | 2005-05-10 | radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to... |
| CVE-2004-2049 | 2005-05-10 | eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access. |
| CVE-2004-2050 | 2005-05-10 | eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell. |
| CVE-2004-2051 | 2005-05-10 | The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL. |
| CVE-2004-2052 | 2005-05-10 | eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing. |
| CVE-2004-2053 | 2005-05-10 | PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter. |
| CVE-2004-2054 | 2005-05-10 | CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter... |
| CVE-2004-2055 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter. |
| CVE-2004-2056 | 2005-05-10 | SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter. |
| CVE-2004-2057 | 2005-05-10 | SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. |
| CVE-2004-2058 | 2005-05-10 | ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. |
| CVE-2004-2059 | 2005-05-10 | Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3)... |
| CVE-2004-2060 | 2005-05-10 | ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename,... |
| CVE-2004-2061 | 2005-05-10 | RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a... |
| CVE-2004-2062 | 2005-05-10 | SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters. |
| CVE-2004-2063 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter. |
| CVE-2004-2064 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields. |
| CVE-2004-2065 | 2005-05-10 | DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename. |
| CVE-2004-2066 | 2005-05-10 | SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies. |
| CVE-2004-2067 | 2005-05-10 | SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or... |
| CVE-2005-0039 | 2005-05-10 | Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications... |
| CVE-2003-1134 | 2005-05-10 | Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a... |
| CVE-2003-1135 | 2005-05-10 | Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters... |
| CVE-2003-1138 | 2005-05-10 | The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is... |
| CVE-2003-1146 | 2005-05-10 | Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
| CVE-2003-1161 | 2005-05-10 | exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4... |
| CVE-2003-1170 | 2005-05-10 | Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers... |
| CVE-2004-1780 | 2005-05-10 | Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts. |
| CVE-2004-1781 | 2005-05-10 | Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command. |
| CVE-2004-1783 | 2005-05-10 | Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot). |
| CVE-2004-1788 | 2005-05-10 | ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. |
| CVE-2004-1791 | 2005-05-10 | The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows... |
| CVE-2004-1795 | 2005-05-10 | Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI. |
| CVE-2004-1891 | 2005-05-10 | The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. |
| CVE-2004-2024 | 2005-05-10 | The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php. |
| CVE-2005-1513 | 2005-05-11 | Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service... |
| CVE-2005-1261 | 2005-05-11 | Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. |
| CVE-2005-1262 | 2005-05-11 | Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. |
| CVE-2005-1263 | 2005-05-11 | The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that,... |
| CVE-2005-1478 | 2005-05-11 | Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. |
| CVE-2005-1479 | 2005-05-11 | SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2005-1480 | 2005-05-11 | Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command. |
| CVE-2005-1481 | 2005-05-11 | Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp. |
| CVE-2005-1482 | 2005-05-11 | ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie. |
| CVE-2005-1483 | 2005-05-11 | Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5)... |
| CVE-2005-1484 | 2005-05-11 | Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in... |
| CVE-2005-1485 | 2005-05-11 | Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the... |
| CVE-2005-1486 | 2005-05-11 | Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or... |
| CVE-2005-1487 | 2005-05-11 | Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the... |
| CVE-2005-1488 | 2005-05-11 | Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail... |
| CVE-2005-1489 | 2005-05-11 | Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html,... |
| CVE-2005-1490 | 2005-05-11 | Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter... |