Lista CVE - 2005 / Novembre
Visualizzazione 101 - 200 di 702 CVE per Novembre 2005 (Pagina 2 di 8)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2005-3482 | 2005-11-03 | Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow... |
| CVE-2005-3483 | 2005-11-03 | Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size. |
| CVE-2005-3484 | 2005-11-03 | Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and... |
| CVE-2005-3485 | 2005-11-03 | Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote attackers to execute arbitrary code via a gl_playerEnter command with a long player name. |
| CVE-2005-3486 | 2005-11-03 | Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other... |
| CVE-2005-3487 | 2005-11-03 | Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command... |
| CVE-2005-3488 | 2005-11-03 | Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial of service (long loop and server hang) via a negative numplayers value that bypasses a signed check... |
| CVE-2005-2974 | 2005-11-04 | libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference. |
| CVE-2005-3350 | 2005-11-04 | libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. |
| CVE-2005-3489 | 2005-11-04 | Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string. |
| CVE-2005-3490 | 2005-11-04 | Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL." |
| CVE-2005-3491 | 2005-11-04 | Multiple buffer overflows in the receiver function in loop.c in FlatFrag 0.3 and earlier allow remote attackers to execute arbitrary code via the (1) version, (2) name, and (3) model... |
| CVE-2005-3492 | 2005-11-04 | FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null... |
| CVE-2005-3493 | 2005-11-04 | Battle Carry .005 and earlier allows remote attackers to cause a denial of service (inaccessible port) via a large packet, which triggers a socket error and terminates the socket that... |
| CVE-2005-3494 | 2005-11-04 | Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment. |
| CVE-2005-3495 | 2005-11-04 | Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies. |
| CVE-2005-3496 | 2005-11-04 | Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector... |
| CVE-2005-3497 | 2005-11-04 | SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this... |
| CVE-2005-3498 | 2005-11-04 | IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace... |
| CVE-2005-3499 | 2005-11-04 | Frisk F-Prot Antivirus allows remote attackers to bypass protection via a ZIP file with a version header greater than 15, which prevents F-Prot from decompressing and analyzing the file. |
| CVE-2005-2628 | 2005-11-05 | Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array... |
| CVE-2005-2753 | 2005-11-05 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a... |
| CVE-2005-2754 | 2005-11-05 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes." |
| CVE-2005-2755 | 2005-11-05 | Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference. |
| CVE-2005-2756 | 2005-11-05 | Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion. |
| CVE-2005-3303 | 2005-11-05 | The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. |
| CVE-2005-3500 | 2005-11-05 | The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in... |
| CVE-2005-3501 | 2005-11-05 | The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted... |
| CVE-2005-3502 | 2005-11-05 | attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. |
| CVE-2005-3503 | 2005-11-05 | chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges. |
| CVE-2005-3504 | 2005-11-05 | Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code. |
| CVE-2005-3505 | 2005-11-05 | Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript... |
| CVE-2005-3506 | 2005-11-05 | Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote... |
| CVE-2005-3124 | 2005-11-06 | syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. |
| CVE-2005-3507 | 2005-11-06 | Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2)... |
| CVE-2005-3508 | 2005-11-06 | SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter. |
| CVE-2005-3509 | 2005-11-06 | Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php. |
| CVE-2005-3510 | 2005-11-06 | Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has... |
| CVE-2005-3511 | 2005-11-06 | Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter... |
| CVE-2005-3512 | 2005-11-06 | Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action. |
| CVE-2005-3513 | 2005-11-06 | index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote ('). |
| CVE-2005-3514 | 2005-11-06 | Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php,... |
| CVE-2005-3515 | 2005-11-06 | Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter. |
| CVE-2005-3516 | 2005-11-06 | Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter. |
| CVE-2005-3517 | 2005-11-06 | Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that... |
| CVE-2005-3518 | 2005-11-06 | SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. |
| CVE-2005-3519 | 2005-11-06 | Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in... |
| CVE-2005-3520 | 2005-11-06 | Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in... |
| CVE-2005-3521 | 2005-11-06 | SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter... |
| CVE-2005-3522 | 2005-11-06 | Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. |
| CVE-2005-3523 | 2005-11-07 | Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. |
| CVE-2005-3524 | 2005-11-07 | Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. |
| CVE-2005-3527 | 2005-11-09 | Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread... |
| CVE-2002-2127 | 2005-11-16 | Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a... |
| CVE-2002-2129 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back... |
| CVE-2002-2133 | 2005-11-16 | Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password. |
| CVE-2002-2134 | 2005-11-16 | haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code... |
| CVE-2003-1234 | 2005-11-16 | Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls... |
| CVE-2003-1236 | 2005-11-16 | Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog. |
| CVE-2003-1237 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post. |
| CVE-2003-1239 | 2005-11-16 | Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter. |
| CVE-2003-1240 | 2005-11-16 | PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3)... |
| CVE-2003-1241 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter... |
| CVE-2003-1243 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. |
| CVE-2003-1244 | 2005-11-16 | SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter... |
| CVE-2003-1245 | 2005-11-16 | index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. |
| CVE-2003-1247 | 2005-11-16 | Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and... |
| CVE-2003-1248 | 2005-11-16 | H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request. |
| CVE-2003-1249 | 2005-11-16 | WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. |
| CVE-2003-1250 | 2005-11-16 | Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of... |
| CVE-2003-1251 | 2005-11-16 | The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references... |
| CVE-2003-1252 | 2005-11-16 | register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the... |
| CVE-2003-1253 | 2005-11-16 | PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php. |
| CVE-2003-1255 | 2005-11-16 | add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter. |
| CVE-2003-1260 | 2005-11-16 | Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command. |
| CVE-2003-1261 | 2005-11-16 | Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard. |
| CVE-2003-1262 | 2005-11-16 | Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL... |
| CVE-2003-1263 | 2005-11-16 | ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name. |
| CVE-2003-1264 | 2005-11-16 | TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator... |
| CVE-2003-1265 | 2005-11-16 | Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. |
| CVE-2003-1267 | 2005-11-16 | GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1. |
| CVE-2003-1268 | 2005-11-16 | Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state,... |
| CVE-2003-1272 | 2005-11-16 | Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist... |
| CVE-2003-1273 | 2005-11-16 | Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters. |
| CVE-2003-1274 | 2005-11-16 | Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as... |
| CVE-2003-1279 | 2005-11-16 | S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID... |
| CVE-2003-1282 | 2005-11-16 | IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN),... |
| CVE-2004-2540 | 2005-11-16 | readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized... |
| CVE-2005-2659 | 2005-11-16 | Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. |
| CVE-2005-3344 | 2005-11-16 | The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. |
| CVE-2005-3543 | 2005-11-16 | SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. |
| CVE-2005-3544 | 2005-11-16 | Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2005-3545 | 2005-11-16 | SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| CVE-2005-3546 | 2005-11-16 | suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain... |
| CVE-2005-3547 | 2005-11-16 | Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in... |
| CVE-2005-3548 | 2005-11-16 | Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To... |
| CVE-2005-3549 | 2005-11-16 | Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run"... |
| CVE-2005-3550 | 2005-11-16 | Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter. |
| CVE-2005-3551 | 2005-11-16 | toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML... |
| CVE-2005-3552 | 2005-11-16 | Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3)... |