CVE List - 2005 / August
Showing 1 - 100 of 577 CVEs for August 2005 (Page 1 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2005-2409 | 2005-08-01 | Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly... |
| CVE-2005-2410 | 2005-08-01 | Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is... |
| CVE-2005-2411 | 2005-08-01 | Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a... |
| CVE-2005-2132 | 2005-08-03 | RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple... |
| CVE-2005-2346 | 2005-08-03 | Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value... |
| CVE-2005-2412 | 2005-08-03 | PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter. |
| CVE-2005-2413 | 2005-08-03 | PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter. |
| CVE-2005-2414 | 2005-08-03 | Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via... |
| CVE-2005-2415 | 2005-08-03 | Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to... |
| CVE-2005-2416 | 2005-08-03 | Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2)... |
| CVE-2005-2417 | 2005-08-03 | Contrexx before 1.0.5 allows remote attackers to obtain sensitive information via a direct request to /config/version.xml. |
| CVE-2005-2419 | 2005-08-03 | B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg. |
| CVE-2005-2420 | 2005-08-03 | flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request. |
| CVE-2005-2421 | 2005-08-03 | Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter. |
| CVE-2005-2422 | 2005-08-03 | Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to inject arbitrary web script or HTML via the webtag parameter. |
| CVE-2005-2423 | 2005-08-03 | Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php,... |
| CVE-2005-2424 | 2005-08-03 | The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication... |
| CVE-2005-2425 | 2005-08-03 | Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2)... |
| CVE-2005-2426 | 2005-08-03 | FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command. |
| CVE-2005-2427 | 2005-08-03 | Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2005-2428 | 2005-08-03 | Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML... |
| CVE-2005-2429 | 2005-08-03 | Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office. |
| CVE-2005-2430 | 2005-08-03 | Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id... |
| CVE-2005-2431 | 2005-08-03 | The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows... |
| CVE-2005-2432 | 2005-08-03 | SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin. |
| CVE-2005-2433 | 2005-08-03 | PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7)... |
| CVE-2005-2434 | 2005-08-03 | Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. |
| CVE-2005-2435 | 2005-08-03 | Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
| CVE-2005-2436 | 2005-08-03 | browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to... |
| CVE-2005-2437 | 2005-08-03 | Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code. |
| CVE-2005-2438 | 2005-08-03 | Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value. |
| CVE-2005-2439 | 2005-08-03 | SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function. |
| CVE-2005-2440 | 2005-08-03 | SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter. |
| CVE-2005-2441 | 2005-08-03 | Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php. |
| CVE-2005-2442 | 2005-08-03 | Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote attackers to inject Javascript from one application into another. |
| CVE-2005-2443 | 2005-08-03 | Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. |
| CVE-2005-2444 | 2005-08-03 | Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local... |
| CVE-2005-2445 | 2005-08-03 | SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter. |
| CVE-2005-2448 | 2005-08-03 | Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. |
| CVE-2005-2449 | 2005-08-03 | Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp. |
| CVE-2005-2450 | 2005-08-03 | Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges... |
| CVE-2005-2451 | 2005-08-03 | Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and... |
| CVE-2005-2452 | 2005-08-03 | libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero... |
| CVE-2005-1853 | 2005-08-03 | gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. |
| CVE-2003-1219 | 2005-08-04 | Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter. |
| CVE-2004-2286 | 2005-08-04 | Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger... |
| CVE-2004-2289 | 2005-08-04 | Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated... |
| CVE-2004-2290 | 2005-08-04 | Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically... |
| CVE-2004-2292 | 2005-08-04 | Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. |
| CVE-2004-2293 | 2005-08-04 | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to... |
| CVE-2004-2295 | 2005-08-04 | SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| CVE-2004-2296 | 2005-08-04 | The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which... |
| CVE-2004-2297 | 2005-08-04 | The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. |
| CVE-2005-2453 | 2005-08-04 | Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query... |
| CVE-2005-2455 | 2005-08-04 | Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using... |
| CVE-2005-2456 | 2005-08-04 | Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code... |
| CVE-2004-2287 | 2005-08-04 | Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter. |
| CVE-2004-2288 | 2005-08-04 | Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. |
| CVE-2004-2291 | 2005-08-04 | Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the... |
| CVE-2004-2294 | 2005-08-04 | Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in... |
| CVE-2001-1575 | 2005-08-05 | Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due... |
| CVE-2001-1577 | 2005-08-05 | Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused. |
| CVE-2001-1580 | 2005-08-05 | Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string. |
| CVE-2002-2092 | 2005-08-05 | Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a... |
| CVE-2002-2093 | 2005-08-05 | The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin. |
| CVE-2002-2097 | 2005-08-05 | The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets. |
| CVE-2002-2098 | 2005-08-05 | Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets. |
| CVE-2002-2099 | 2005-08-05 | Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is... |
| CVE-2002-2104 | 2005-08-05 | graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function. |
| CVE-2002-2105 | 2005-08-05 | Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file. |
| CVE-2002-2106 | 2005-08-05 | PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php. |
| CVE-2002-2111 | 2005-08-05 | Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet. |
| CVE-2002-2114 | 2005-08-05 | Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call. |
| CVE-2002-2118 | 2005-08-05 | Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL. |
| CVE-2002-2121 | 2005-08-05 | SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attackers to cause a denial of service (crash) via a long SMTP (1) HELO or (2) RCPT TO command, possibly due... |
| CVE-2004-2299 | 2005-08-05 | Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header. |
| CVE-2004-2300 | 2005-08-05 | Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is... |
| CVE-2004-2301 | 2005-08-05 | Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow. |
| CVE-2005-1268 | 2005-08-05 | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process... |
| CVE-2005-1272 | 2005-08-05 | Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long... |
| CVE-2005-1761 | 2005-08-05 | Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. |
| CVE-2005-1767 | 2005-08-05 | traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault... |
| CVE-2005-1854 | 2005-08-05 | Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server. |
| CVE-2005-2353 | 2005-08-05 | run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2005-2471 | 2005-08-05 | pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows... |
| CVE-2005-2472 | 2005-08-05 | Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands. |
| CVE-2005-2473 | 2005-08-05 | Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6)... |
| CVE-2005-2474 | 2005-08-05 | ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an... |
| CVE-2005-2475 | 2005-08-05 | Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are... |
| CVE-2005-2476 | 2005-08-05 | Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. |
| CVE-2005-2477 | 2005-08-05 | shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly... |
| CVE-2005-2478 | 2005-08-05 | SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel. |
| CVE-2005-2479 | 2005-08-05 | Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER command. |
| CVE-2005-2480 | 2005-08-05 | Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page,... |
| CVE-2005-2481 | 2005-08-05 | ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?"... |
| CVE-2001-1573 | 2005-08-05 | Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter. |
| CVE-2001-1574 | 2005-08-05 | Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code. |
| CVE-2001-1576 | 2005-08-05 | Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument. |
| CVE-2001-1578 | 2005-08-05 | Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors. |
| CVE-2001-1579 | 2005-08-05 | The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service. |