CVE List - 2005 / July
Showing 401 - 500 of 588 CVEs for July 2005 (Page 5 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2002-2082 | 2005-07-14 | FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users. |
| CVE-2002-2083 | 2005-07-14 | The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched... |
| CVE-2002-2084 | 2005-07-14 | Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters. |
| CVE-2002-2085 | 2005-07-14 | Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. |
| CVE-2005-2277 | 2005-07-15 | Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. |
| CVE-2005-1174 | 2005-07-16 | MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes... |
| CVE-2004-2213 | 2005-07-17 | Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request. |
| CVE-2004-2214 | 2005-07-17 | Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. |
| CVE-2004-2215 | 2005-07-17 | RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. |
| CVE-2004-2216 | 2005-07-17 | Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause... |
| CVE-2004-2217 | 2005-07-17 | Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. |
| CVE-2004-2218 | 2005-07-17 | SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. |
| CVE-2004-2219 | 2005-07-17 | Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back... |
| CVE-2004-2220 | 2005-07-17 | F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection. |
| CVE-2004-2221 | 2005-07-17 | Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. |
| CVE-2004-2222 | 2005-07-17 | Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter. |
| CVE-2004-2223 | 2005-07-17 | FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize... |
| CVE-2004-2224 | 2005-07-17 | Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. |
| CVE-2004-2225 | 2005-07-17 | Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the... |
| CVE-2004-2226 | 2005-07-17 | Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style... |
| CVE-2004-2227 | 2005-07-17 | Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. |
| CVE-2004-2228 | 2005-07-17 | Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. |
| CVE-2004-2229 | 2005-07-17 | Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. |
| CVE-2004-2230 | 2005-07-17 | Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. |
| CVE-2004-2231 | 2005-07-17 | Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. |
| CVE-2004-2232 | 2005-07-17 | SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. |
| CVE-2004-2233 | 2005-07-17 | Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors. |
| CVE-2004-2235 | 2005-07-17 | Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text. |
| CVE-2004-2238 | 2005-07-17 | Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants... |
| CVE-2004-2239 | 2005-07-17 | Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. |
| CVE-2004-2240 | 2005-07-17 | Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. |
| CVE-2004-2241 | 2005-07-17 | Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file... |
| CVE-2004-2242 | 2005-07-17 | Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. |
| CVE-2004-2243 | 2005-07-17 | Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was... |
| CVE-2004-2244 | 2005-07-17 | The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later,... |
| CVE-2004-2245 | 2005-07-17 | Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php. |
| CVE-2004-2248 | 2005-07-17 | Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." |
| CVE-2004-2249 | 2005-07-17 | Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. |
| CVE-2004-2250 | 2005-07-17 | Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. |
| CVE-2004-2251 | 2005-07-17 | The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. |
| CVE-2004-2252 | 2005-07-17 | The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. |
| CVE-2004-2253 | 2005-07-17 | Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. |
| CVE-2004-2254 | 2005-07-17 | SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken... |
| CVE-2004-2255 | 2005-07-17 | Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a... |
| CVE-2004-2256 | 2005-07-17 | Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. |
| CVE-2004-2257 | 2005-07-17 | phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. |
| CVE-2005-1175 | 2005-07-17 | Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly... |
| CVE-2005-1689 | 2005-07-17 | Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. |
| CVE-2005-2195 | 2005-07-17 | Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an... |
| CVE-2005-2278 | 2005-07-17 | Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name. |
| CVE-2005-2279 | 2005-07-17 | Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data. |
| CVE-2005-2280 | 2005-07-17 | Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet. |
| CVE-2005-2282 | 2005-07-17 | Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors. |
| CVE-2005-2285 | 2005-07-17 | WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical... |
| CVE-2005-2287 | 2005-07-17 | SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow. |
| CVE-2005-2288 | 2005-07-17 | Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter. |
| CVE-2005-2289 | 2005-07-17 | PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message. |
| CVE-2005-2290 | 2005-07-17 | wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. |
| CVE-2005-2291 | 2005-07-17 | Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. |
| CVE-2005-2292 | 2005-07-17 | Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information. |
| CVE-2005-2293 | 2005-07-17 | Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information. |
| CVE-2005-2294 | 2005-07-17 | Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a... |
| CVE-2005-2295 | 2005-07-17 | NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size. |
| CVE-2005-2296 | 2005-07-17 | YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. |
| CVE-2004-2234 | 2005-07-17 | Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. |
| CVE-2004-2236 | 2005-07-17 | Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. |
| CVE-2004-2237 | 2005-07-17 | Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." |
| CVE-2004-2246 | 2005-07-17 | Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php. |
| CVE-2004-2247 | 2005-07-17 | Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. |
| CVE-2005-1914 | 2005-07-17 | CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file. |
| CVE-2005-2281 | 2005-07-17 | WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. |
| CVE-2005-2283 | 2005-07-17 | WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via... |
| CVE-2005-2284 | 2005-07-17 | Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. |
| CVE-2005-2286 | 2005-07-17 | WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. |
| CVE-2004-2258 | 2005-07-19 | Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original... |
| CVE-2004-2259 | 2005-07-19 | vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. |
| CVE-2004-2260 | 2005-07-19 | Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via... |
| CVE-2004-2261 | 2005-07-19 | Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. |
| CVE-2004-2262 | 2005-07-19 | ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload... |
| CVE-2004-2263 | 2005-07-19 | SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. |
| CVE-2004-2264 | 2005-07-19 | Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary... |
| CVE-2004-2265 | 2005-07-19 | UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact. |
| CVE-2004-2266 | 2005-07-19 | SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. |
| CVE-2004-2267 | 2005-07-19 | Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. |
| CVE-2004-2268 | 2005-07-19 | PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php. |
| CVE-2004-2269 | 2005-07-19 | Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is... |
| CVE-2004-2270 | 2005-07-19 | Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. |
| CVE-2004-2271 | 2005-07-19 | Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| CVE-2004-2272 | 2005-07-19 | Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command. |
| CVE-2004-2274 | 2005-07-19 | Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI. |
| CVE-2004-2275 | 2005-07-19 | i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter. |
| CVE-2004-2276 | 2005-07-19 | F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a... |
| CVE-2004-2277 | 2005-07-19 | Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response. |
| CVE-2004-2278 | 2005-07-19 | Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors. |
| CVE-2004-2279 | 2005-07-19 | Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. |
| CVE-2004-2280 | 2005-07-19 | Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets,... |
| CVE-2004-2281 | 2005-07-19 | Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and... |
| CVE-2004-2284 | 2005-07-19 | The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. |
| CVE-2005-1530 | 2005-07-19 | Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large... |
| CVE-2005-1850 | 2005-07-19 | Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. |