CVE List - 2005 / August
Showing 401 - 500 of 577 CVEs for August 2005 (Page 5 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2005-2520 | 2005-08-19 | The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant... |
| CVE-2005-2521 | 2005-08-19 | Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors. |
| CVE-2005-2525 | 2005-08-19 | CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service... |
| CVE-2005-2526 | 2005-08-19 | CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. |
| CVE-2005-2621 | 2005-08-19 | index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an... |
| CVE-2005-2622 | 2005-08-19 | Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. |
| CVE-2005-2623 | 2005-08-19 | ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to... |
| CVE-2005-2624 | 2005-08-19 | Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an... |
| CVE-2005-2625 | 2005-08-19 | Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in... |
| CVE-2005-2626 | 2005-08-19 | Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID. |
| CVE-2005-2627 | 2005-08-19 | Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to... |
| CVE-2005-2504 | 2005-08-19 | The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could... |
| CVE-2005-2507 | 2005-08-19 | Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. |
| CVE-2005-2508 | 2005-08-19 | dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts. |
| CVE-2005-2511 | 2005-08-19 | Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. |
| CVE-2005-2512 | 2005-08-19 | Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy... |
| CVE-2005-2516 | 2005-08-19 | Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to... |
| CVE-2005-2517 | 2005-08-19 | Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to... |
| CVE-2005-2519 | 2005-08-19 | slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges. |
| CVE-2005-2522 | 2005-08-19 | Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via... |
| CVE-2005-2523 | 2005-08-19 | Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2004-2435 | 2005-08-20 | Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2004-2436 | 2005-08-20 | Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges. |
| CVE-2004-2437 | 2005-08-20 | SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to... |
| CVE-2004-2438 | 2005-08-20 | Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field. |
| CVE-2004-2439 | 2005-08-20 | The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. |
| CVE-2004-2440 | 2005-08-20 | Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users. |
| CVE-2004-2441 | 2005-08-20 | Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue." |
| CVE-2004-2442 | 2005-08-20 | Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and... |
| CVE-2004-2443 | 2005-08-20 | Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is... |
| CVE-2004-2444 | 2005-08-20 | Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2004-2445 | 2005-08-20 | Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter. |
| CVE-2004-2446 | 2005-08-20 | Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot dot) sequences in unknown vectors. |
| CVE-2004-2447 | 2005-08-20 | Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index... |
| CVE-2004-2448 | 2005-08-20 | S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name. |
| CVE-2004-2449 | 2005-08-20 | Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram. |
| CVE-2004-2450 | 2005-08-20 | The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows... |
| CVE-2004-2451 | 2005-08-20 | Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug. |
| CVE-2004-2452 | 2005-08-20 | Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library. |
| CVE-2004-2453 | 2005-08-20 | Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors. |
| CVE-2004-2454 | 2005-08-20 | aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml. |
| CVE-2004-2455 | 2005-08-20 | Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and... |
| CVE-2004-2456 | 2005-08-20 | SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action. |
| CVE-2004-2457 | 2005-08-20 | Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic. |
| CVE-2004-2458 | 2005-08-20 | Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. |
| CVE-2004-2460 | 2005-08-20 | Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list. |
| CVE-2004-2461 | 2005-08-20 | Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code. |
| CVE-2004-2462 | 2005-08-20 | cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file. |
| CVE-2004-2463 | 2005-08-20 | Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request. |
| CVE-2004-2464 | 2005-08-20 | Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that... |
| CVE-2004-2465 | 2005-08-20 | Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2004-2466 | 2005-08-20 | chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it... |
| CVE-2004-2467 | 2005-08-20 | chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash). |
| CVE-2004-2468 | 2005-08-20 | Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2004-2469 | 2005-08-20 | Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attackers to modify or delete reservations. |
| CVE-2004-2470 | 2005-08-20 | Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins. |
| CVE-2004-2471 | 2005-08-20 | SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2004-2472 | 2005-08-20 | Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough... |
| CVE-2004-2473 | 2005-08-20 | wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2004-2474 | 2005-08-20 | SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php. |
| CVE-2004-2475 | 2005-08-20 | Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration... |
| CVE-2004-2476 | 2005-08-20 | Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. |
| CVE-2005-0357 | 2005-08-20 | EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote... |
| CVE-2005-0358 | 2005-08-20 | EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying... |
| CVE-2005-0359 | 2005-08-20 | The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands,... |
| CVE-2005-2631 | 2005-08-20 | Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass... |
| CVE-2005-2632 | 2005-08-20 | SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field. |
| CVE-2005-2633 | 2005-08-20 | Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary... |
| CVE-2005-2634 | 2005-08-20 | Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute... |
| CVE-2005-2635 | 2005-08-20 | Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to adlayer.php or... |
| CVE-2005-2636 | 2005-08-20 | SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter. |
| CVE-2005-2637 | 2005-08-20 | Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the... |
| CVE-2005-2638 | 2005-08-20 | Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2)... |
| CVE-2005-2639 | 2005-08-20 | Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. |
| CVE-2005-2640 | 2005-08-20 | Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE... |
| CVE-2004-2459 | 2005-08-20 | Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table. |
| CVE-2004-2477 | 2005-08-21 | DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found... |
| CVE-2004-2478 | 2005-08-21 | Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products,... |
| CVE-2004-2479 | 2005-08-21 | Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously... |
| CVE-2004-2480 | 2005-08-21 | Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. |
| CVE-2004-2481 | 2005-08-21 | MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing... |
| CVE-2004-2482 | 2005-08-21 | Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag... |
| CVE-2004-2483 | 2005-08-21 | Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service... |
| CVE-2005-2641 | 2005-08-21 | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this... |
| CVE-2005-2642 | 2005-08-21 | Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext. |
| CVE-2005-2643 | 2005-08-21 | Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the... |
| CVE-2005-2645 | 2005-08-21 | Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication. |
| CVE-2005-2646 | 2005-08-21 | Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial... |
| CVE-2005-2647 | 2005-08-21 | Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject... |
| CVE-2005-2648 | 2005-08-21 | Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. |
| CVE-2005-2649 | 2005-08-21 | Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php. |
| CVE-2005-2650 | 2005-08-21 | Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. |
| CVE-2005-2651 | 2005-08-21 | gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. |
| CVE-2005-2652 | 2005-08-21 | Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8)... |
| CVE-2005-2653 | 2005-08-21 | Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. |
| CVE-2005-2644 | 2005-08-21 | Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Jtext field. |
| CVE-2005-2098 | 2005-08-22 | The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to... |
| CVE-2005-2099 | 2005-08-22 | The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel... |
| CVE-2005-2457 | 2005-08-22 | The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a... |
| CVE-2005-2458 | 2005-08-22 | inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". |