|
350801
|
3.7 |
LOW
|
gnu
|
coreutils
|
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
|
NVD-CWE-Other
|
CVE-2005-1039
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350802
|
7.2 |
HIGH
|
novell
|
linux_desktop
|
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."
|
NVD-CWE-Other
|
CVE-2005-1040
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350803
|
5.0 |
MEDIUM
|
logwatch
redhat
|
logwatch
enterprise_linux
linux_advanced_workstation
|
The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expre…
|
NVD-CWE-Other
|
CVE-2005-1061
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350804
|
5.0 |
MEDIUM
|
kerio
|
kerio_mailserver
personal_firewall
winroute_firewall
|
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consu…
|
NVD-CWE-Other
|
CVE-2005-1063
|
2008-09-6 05:48 |
2005-04-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350805
|
2.1 |
LOW
|
novell
|
linux_desktop
|
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory.
|
NVD-CWE-Other
|
CVE-2005-1065
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350806
|
1.2 |
LOW
|
university_of_washington
|
pine
|
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
|
NVD-CWE-Other
|
CVE-2005-1066
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350807
|
7.5 |
HIGH
|
access_user_class
|
access_user_class
|
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".
|
NVD-CWE-Other
|
CVE-2005-1067
|
2008-09-6 05:48 |
2005-04-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350808
|
4.3 |
MEDIUM
|
punbb
|
punbb
|
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML.
|
NVD-CWE-Other
|
CVE-2005-1072
|
2008-09-6 05:48 |
2005-04-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350809
|
4.3 |
MEDIUM
|
webct
|
webct
|
Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field.
|
NVD-CWE-Other
|
CVE-2005-1076
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350810
|
5.0 |
MEDIUM
|
aewebworks
|
aedating
|
index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter.
|
NVD-CWE-Other
|
CVE-2005-1083
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350811
|
7.5 |
HIGH
|
aewebworks
|
aedating
|
SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter.
|
NVD-CWE-Other
|
CVE-2005-1084
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350812
|
4.3 |
MEDIUM
|
-
|
-
|
Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML.
|
NVD-CWE-Other
|
CVE-2005-1085
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350813
|
5.0 |
MEDIUM
|
dc\+\+
|
dc\+\+
|
Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files.
|
NVD-CWE-Other
|
CVE-2005-1089
|
2008-09-6 05:48 |
2005-04-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350814
|
7.5 |
HIGH
|
-
|
-
|
Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.
|
NVD-CWE-Other
|
CVE-2005-1091
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350815
|
7.2 |
HIGH
|
light_speed_technology
|
deluxeftp
|
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
|
NVD-CWE-Other
|
CVE-2005-1092
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350816
|
4.6 |
MEDIUM
|
rebrand
|
p2p_share_spy
|
Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges.
|
NVD-CWE-Other
|
CVE-2005-1097
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350817
|
7.2 |
HIGH
|
mcafee
|
internet_security_suite
|
McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files.
|
NVD-CWE-Other
|
CVE-2005-1107
|
2008-09-6 05:48 |
2005-04-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350818
|
2.1 |
LOW
|
todd_miller
|
sudo
|
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
|
NVD-CWE-Other
|
CVE-2005-1119
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350819
|
5.1 |
MEDIUM
|
avaya
|
libsafe
|
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die func…
|
NVD-CWE-Other
|
CVE-2005-1125
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350820
|
7.5 |
HIGH
|
virtual_hosting_control_system
|
virtual_hosting_control_system
|
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries.
|
NVD-CWE-Other
|
CVE-2005-1128
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350821
|
10.0 |
HIGH
|
symantec_veritas
|
i3_focalpoint_server
|
Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact.
|
NVD-CWE-Other
|
CVE-2005-1131
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350822
|
5.0 |
MEDIUM
|
kerio
|
kerio_mailserver
|
Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.
|
NVD-CWE-Other
|
CVE-2005-1138
|
2008-09-6 05:48 |
2005-04-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350823
|
4.3 |
MEDIUM
|
mywebland
|
mybloggie
|
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
|
NVD-CWE-Other
|
CVE-2005-1140
|
2008-09-6 05:48 |
2005-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350824
|
4.3 |
MEDIUM
|
easyphpcalendar
|
easyphpcalendar
|
Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter.
|
NVD-CWE-Other
|
CVE-2005-1143
|
2008-09-6 05:48 |
2005-04-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350825
|
5.0 |
MEDIUM
|
easyphpcalendar
|
easyphpcalendar
|
popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message.
|
NVD-CWE-Other
|
CVE-2005-1144
|
2008-09-6 05:48 |
2005-04-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350826
|
5.0 |
MEDIUM
|
easyphpcalendar
|
easyphpcalendar
|
Version 6.2.8 and above are fixed.
|
NVD-CWE-Other
|
CVE-2005-1144
|
2008-09-6 05:48 |
2005-04-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350827
|
7.5 |
HIGH
|
-
|
-
|
SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
|
NVD-CWE-Other
|
CVE-2005-1149
|
2008-09-6 05:48 |
2005-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350828
|
5.0 |
MEDIUM
|
sun
|
java_system_web_server
|
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).
|
NVD-CWE-Other
|
CVE-2005-1150
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350829
|
7.2 |
HIGH
|
debian
|
qpopper
|
qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.
|
NVD-CWE-Other
|
CVE-2005-1151
|
2008-09-6 05:48 |
2005-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350830
|
2.1 |
LOW
|
debian
|
qpopper
|
popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.
|
NVD-CWE-Other
|
CVE-2005-1152
|
2008-09-6 05:48 |
2005-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350831
|
4.3 |
MEDIUM
|
jaws
|
jaws
|
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.
|
NVD-CWE-Other
|
CVE-2005-1231
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350832
|
5.0 |
MEDIUM
|
phpbb_group
|
phpbb-auction
|
auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message.
|
NVD-CWE-Other
|
CVE-2005-1235
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350833
|
5.0 |
MEDIUM
|
phpbb_group
|
phpbb-auction
|
Fixed updated version on http://www.phpbb-auction.com/
|
NVD-CWE-Other
|
CVE-2005-1235
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350834
|
7.5 |
HIGH
|
duware
|
duportal
|
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2)…
|
NVD-CWE-Other
|
CVE-2005-1236
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350835
|
10.0 |
HIGH
|
vladislav_bogdanov
|
snmppd
|
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format strin…
|
NVD-CWE-Other
|
CVE-2005-1246
|
2008-09-6 05:48 |
2005-04-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350836
|
5.0 |
MEDIUM
|
novell
|
nsure_audit
|
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exp…
|
NVD-CWE-Other
|
CVE-2005-1247
|
2008-09-6 05:48 |
2004-01-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350837
|
7.5 |
HIGH
|
ipswitch
|
whatsup
|
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the…
|
NVD-CWE-Other
|
CVE-2005-1250
|
2008-09-6 05:48 |
2005-06-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350838
|
10.0 |
HIGH
|
mysql
|
maxdb
|
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a …
|
NVD-CWE-Other
|
CVE-2005-1274
|
2008-09-6 05:48 |
2005-04-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350839
|
5.0 |
MEDIUM
|
ethereal_group
|
ethereal
|
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
|
NVD-CWE-Other
|
CVE-2005-1281
|
2008-09-6 05:48 |
2005-04-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350840
|
7.5 |
HIGH
|
inter7
|
sqwebmail
|
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
|
NVD-CWE-Other
|
CVE-2005-1308
|
2008-09-6 05:48 |
2005-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350841
|
4.3 |
MEDIUM
|
eaden_mckee
|
bblog
|
Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text.
|
NVD-CWE-Other
|
CVE-2005-1309
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350842
|
7.5 |
HIGH
|
eaden_mckee
|
bblog
|
SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
|
NVD-CWE-Other
|
CVE-2005-1310
|
2008-09-6 05:48 |
2005-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350843
|
4.3 |
MEDIUM
|
yappa-ng
|
yappa-ng
|
Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-1311
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350844
|
7.5 |
HIGH
|
yappa-ng
|
yappa-ng
|
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-1312
|
2008-09-6 05:48 |
2005-04-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350845
|
4.3 |
MEDIUM
|
horde
|
passwd
|
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
NVD-CWE-Other
|
CVE-2005-1313
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350846
|
4.3 |
MEDIUM
|
horde
|
kronolith
|
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
NVD-CWE-Other
|
CVE-2005-1314
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350847
|
4.3 |
MEDIUM
|
horde
|
turba
|
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
NVD-CWE-Other
|
CVE-2005-1315
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350848
|
6.8 |
MEDIUM
|
horde
|
chora
|
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
NVD-CWE-Other
|
CVE-2005-1317
|
2008-09-6 05:48 |
2005-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350849
|
4.3 |
MEDIUM
|
horde
|
forwards
|
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
NVD-CWE-Other
|
CVE-2005-1318
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350850
|
4.3 |
MEDIUM
|
horde
|
imp
|
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
NVD-CWE-Other
|
CVE-2005-1319
|
2008-09-6 05:48 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
