|
364801
|
7.2 |
HIGH
|
netbsd
|
netbsd
|
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause …
|
NVD-CWE-Other
|
CVE-2005-4776
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364802
|
7.2 |
HIGH
|
netbsd
|
netbsd
|
this vulnerbaility is addressed in the following product versions:
NetBSD, NetBSD, 2.0.3, and higher
|
NVD-CWE-Other
|
CVE-2005-4776
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364803
|
4.9 |
MEDIUM
|
tashcom
|
aspedit
|
Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password.
|
NVD-CWE-Other
|
CVE-2005-4777
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364804
|
2.1 |
LOW
|
-
|
-
|
The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized ac…
|
NVD-CWE-Other
|
CVE-2005-4778
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364805
|
2.1 |
LOW
|
-
|
-
|
This vulnerablility is addressed in the following product release:
SUSE, Linux, 10.0 2005-10-07
|
NVD-CWE-Other
|
CVE-2005-4778
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364806
|
3.6 |
LOW
|
netbsd
|
netbsd
|
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow lo…
|
NVD-CWE-Other
|
CVE-2005-4779
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364807
|
4.9 |
MEDIUM
|
netbsd
|
netbsd
|
NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of service (kernel assertion panic) via a negative linger…
|
NVD-CWE-Other
|
CVE-2005-4782
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364808
|
2.1 |
LOW
|
netbsd
|
netbsd
|
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.
|
NVD-CWE-Other
|
CVE-2005-4783
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364809
|
5.6 |
MEDIUM
|
austin_group
|
posix
|
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack th…
|
NVD-CWE-Other
|
CVE-2005-4784
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364810
|
2.1 |
LOW
|
suse
|
suse_linux
|
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."
|
NVD-CWE-Other
|
CVE-2005-4788
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364811
|
2.1 |
LOW
|
suse
|
suse_linux
|
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restr…
|
NVD-CWE-Other
|
CVE-2005-4789
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364812
|
7.5 |
HIGH
|
phpwebsite
|
phpwebsite
|
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the p…
|
NVD-CWE-Other
|
CVE-2005-4792
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364813
|
7.5 |
HIGH
|
hitachi
|
cm2-network_node_manager jp1-cm2-network_node_manager_250
|
Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, di…
|
NVD-CWE-Other
|
CVE-2005-4793
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364814
|
5.0 |
MEDIUM
|
sun
|
java_system_application_server
|
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers t…
|
NVD-CWE-Other
|
CVE-2005-4805
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364815
|
7.5 |
HIGH
|
middlebury_college
|
segue_cms
|
Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PH…
|
NVD-CWE-Other
|
CVE-2005-4814
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364816
|
7.5 |
HIGH
|
proftpd_project
|
proftpd
|
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
|
NVD-CWE-Other
|
CVE-2005-4816
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364817
|
7.5 |
HIGH
|
copernicus
|
europa
|
Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the det…
|
NVD-CWE-Other
|
CVE-2005-4818
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364818
|
7.5 |
HIGH
|
glen_campbell
|
siteframe
|
PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerabi…
|
NVD-CWE-Other
|
CVE-2005-4824
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364819
|
5.0 |
MEDIUM
|
claymore_systems_inc
|
puretls
|
PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates.
|
NVD-CWE-Other
|
CVE-2005-4839
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364820
|
4.3 |
MEDIUM
|
spey
|
spey
|
Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.
|
CWE-20
不適切な入力確認
|
CVE-2005-4846
|
2008-09-6 05:57 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364821
|
4.6 |
MEDIUM
|
appfluent_technology
|
database_ids
|
Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable.
|
NVD-CWE-Other
|
CVE-2005-4076
|
2008-09-6 05:56 |
2005-12-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364822
|
7.5 |
HIGH
|
realnetworks
|
realplayer
|
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPla…
|
NVD-CWE-Other
|
CVE-2005-4126
|
2008-09-6 05:56 |
2005-12-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364823
|
7.5 |
HIGH
|
realnetworks
|
realplayer
|
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPla…
|
NVD-CWE-Other
|
CVE-2005-4130
|
2008-09-6 05:56 |
2005-12-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364824
|
7.5 |
HIGH
|
adaptive_technology_resource_centre
|
atutor
|
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NO…
|
NVD-CWE-Other
|
CVE-2005-4155
|
2008-09-6 05:56 |
2005-12-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364825
|
9.4 |
HIGH
|
mambo
|
mambo_open_source_4.5
|
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query …
|
NVD-CWE-Other
|
CVE-2005-4156
|
2008-09-6 05:56 |
2005-12-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364826
|
4.3 |
MEDIUM
|
efiction_project
|
efiction
|
Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.
|
NVD-CWE-Other
|
CVE-2005-4167
|
2008-09-6 05:56 |
2005-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364827
|
7.5 |
HIGH
|
efiction_project
|
efiction
|
Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the …
|
NVD-CWE-Other
|
CVE-2005-4168
|
2008-09-6 05:56 |
2005-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364828
|
7.5 |
HIGH
|
efiction_project
|
efiction
|
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .ph…
|
NVD-CWE-Other
|
CVE-2005-4171
|
2008-09-6 05:56 |
2005-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364829
|
5.0 |
MEDIUM
|
efiction_project
|
efiction
|
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error m…
|
NVD-CWE-Other
|
CVE-2005-4172
|
2008-09-6 05:56 |
2005-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364830
|
5.0 |
MEDIUM
|
efiction_project
|
efiction
|
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
|
NVD-CWE-Other
|
CVE-2005-4173
|
2008-09-6 05:56 |
2005-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364831
|
7.5 |
HIGH
|
-
|
-
|
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear…
|
NVD-CWE-Other
|
CVE-2005-4174
|
2008-09-6 05:56 |
2005-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364832
|
4.3 |
MEDIUM
|
logisphere
|
logisphere
|
Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original rese…
|
NVD-CWE-Other
|
CVE-2005-4204
|
2008-09-6 05:56 |
2005-12-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364833
|
4.3 |
MEDIUM
|
asp-dev
|
xm_forum
|
Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of th…
|
NVD-CWE-Other
|
CVE-2005-4256
|
2008-09-6 05:56 |
2005-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364834
|
7.8 |
HIGH
|
linksys
|
befw11s4 befw11s4_v3 befw11s4_v4 wrt54gs
|
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LA…
|
NVD-CWE-Other
|
CVE-2005-4257
|
2008-09-6 05:56 |
2005-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364835
|
7.5 |
HIGH
|
alt-n
|
mdaemon worldclient
|
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to pe…
|
NVD-CWE-Other
|
CVE-2005-4266
|
2008-09-6 05:56 |
2005-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364836
|
7.8 |
HIGH
|
microsoft
|
ie windows_2003_server windows_xp
|
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at…
|
NVD-CWE-Other
|
CVE-2005-4269
|
2008-09-6 05:56 |
2005-12-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364837
|
7.8 |
HIGH
|
scientific_atlanta
|
dpx2100_cable_modem
|
Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag s…
|
NVD-CWE-Other
|
CVE-2005-4275
|
2008-09-6 05:56 |
2005-12-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364838
|
7.8 |
HIGH
|
westell
|
versalink
|
Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). N…
|
NVD-CWE-Other
|
CVE-2005-4276
|
2008-09-6 05:56 |
2005-12-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364839
|
7.8 |
HIGH
|
-
|
-
|
AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request.
|
NVD-CWE-Other
|
CVE-2005-4296
|
2008-09-6 05:56 |
2005-12-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364840
|
7.5 |
HIGH
|
john_andersson
|
zixforum
|
SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.…
|
NVD-CWE-Other
|
CVE-2005-4334
|
2008-09-6 05:56 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364841
|
7.5 |
HIGH
|
blackboard
|
academic_suite
|
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileg…
|
NVD-CWE-Other
|
CVE-2005-4337
|
2008-09-6 05:56 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364842
|
10.0 |
HIGH
|
blackboard
|
academic_suite
|
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setti…
|
NVD-CWE-Other
|
CVE-2005-4338
|
2008-09-6 05:56 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364843
|
4.3 |
MEDIUM
|
blackboard
|
academic_suite
|
Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitr…
|
NVD-CWE-Other
|
CVE-2005-4339
|
2008-09-6 05:56 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364844
|
5.0 |
MEDIUM
|
blackboard
|
academic_suite
|
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id par…
|
NVD-CWE-Other
|
CVE-2005-4341
|
2008-09-6 05:56 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364845
|
4.3 |
MEDIUM
|
icms_content_management_systems
|
icms
|
Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is…
|
NVD-CWE-Other
|
CVE-2005-4396
|
2008-09-6 05:56 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364846
|
7.5 |
HIGH
|
icms_content_management_systems
|
icms
|
SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter.
|
NVD-CWE-Other
|
CVE-2005-4397
|
2008-09-6 05:56 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364847
|
7.5 |
HIGH
|
media2_cms
|
media2_cms_shop
|
SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. NOTE: the provenance of this issue is unknown; th…
|
NVD-CWE-Other
|
CVE-2005-4404
|
2008-09-6 05:56 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364848
|
2.1 |
LOW
|
citrix
|
program_neighborhood_client
|
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the…
|
NVD-CWE-Other
|
CVE-2005-4412
|
2008-09-6 05:56 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364849
|
4.3 |
MEDIUM
|
ibm
|
websphere_application_server
|
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address fi…
|
NVD-CWE-Other
|
CVE-2005-4413
|
2008-09-6 05:56 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364850
|
10.0 |
HIGH
|
open_lab
|
teamwork
|
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."
|
NVD-CWE-Other
|
CVE-2005-4414
|
2008-09-6 05:56 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|