Lista CVE - 2005 / Novembre
Visualizzazione 201 - 300 di 702 CVE per Novembre 2005 (Pagina 3 di 8)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2005-3553 | 2005-11-16 | Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php... |
| CVE-2005-3554 | 2005-11-16 | Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown... |
| CVE-2005-3555 | 2005-11-16 | Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or... |
| CVE-2005-3556 | 2005-11-16 | Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title... |
| CVE-2005-3557 | 2005-11-16 | Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST... |
| CVE-2005-3558 | 2005-11-16 | PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters. |
| CVE-2005-3559 | 2005-11-16 | Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. |
| CVE-2005-3560 | 2005-11-16 | Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to... |
| CVE-2005-3564 | 2005-11-16 | envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors. |
| CVE-2005-3565 | 2005-11-16 | Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors. |
| CVE-2005-3566 | 2005-11-16 | Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent,... |
| CVE-2005-3567 | 2005-11-16 | slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack... |
| CVE-2005-3568 | 2005-11-16 | db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file,... |
| CVE-2005-3569 | 2005-11-16 | INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH... |
| CVE-2005-3570 | 2005-11-16 | Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". |
| CVE-2005-3571 | 2005-11-16 | PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary... |
| CVE-2005-3572 | 2005-11-16 | SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. |
| CVE-2005-3573 | 2005-11-16 | Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). |
| CVE-2005-3574 | 2005-11-16 | PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. |
| CVE-2005-3575 | 2005-11-16 | SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2005-3576 | 2005-11-16 | ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter. |
| CVE-2005-3577 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter. |
| CVE-2005-3578 | 2005-11-16 | SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter. |
| CVE-2005-3579 | 2005-11-16 | ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. |
| CVE-2005-3580 | 2005-11-16 | QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path... |
| CVE-2005-3581 | 2005-11-16 | GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path... |
| CVE-2005-3582 | 2005-11-16 | ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path... |
| CVE-2005-3583 | 2005-11-16 | (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive)... |
| CVE-2005-3584 | 2005-11-16 | Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. |
| CVE-2005-3585 | 2005-11-16 | SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
| CVE-2005-3586 | 2005-11-16 | content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. |
| CVE-2005-3587 | 2005-11-16 | Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. |
| CVE-2005-3588 | 2005-11-16 | SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. |
| CVE-2005-3589 | 2005-11-16 | Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command. |
| CVE-2005-3591 | 2005-11-16 | Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code... |
| CVE-2005-3592 | 2005-11-16 | index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../... |
| CVE-2005-3594 | 2005-11-16 | game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. |
| CVE-2005-3595 | 2005-11-16 | By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. |
| CVE-2005-3596 | 2005-11-16 | SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp. |
| CVE-2002-2125 | 2005-11-16 | Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository,... |
| CVE-2002-2126 | 2005-11-16 | restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time. |
| CVE-2002-2128 | 2005-11-16 | editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. |
| CVE-2002-2130 | 2005-11-16 | publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. |
| CVE-2002-2131 | 2005-11-16 | Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument. |
| CVE-2002-2132 | 2005-11-16 | Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files... |
| CVE-2003-1235 | 2005-11-16 | BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. |
| CVE-2003-1238 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1)... |
| CVE-2003-1242 | 2005-11-16 | Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. |
| CVE-2003-1246 | 2005-11-16 | NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command. |
| CVE-2003-1254 | 2005-11-16 | Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL... |
| CVE-2003-1256 | 2005-11-16 | aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php. |
| CVE-2003-1257 | 2005-11-16 | find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo. |
| CVE-2003-1258 | 2005-11-16 | activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid. |
| CVE-2003-1259 | 2005-11-16 | Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. |
| CVE-2003-1266 | 2005-11-16 | The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via... |
| CVE-2003-1269 | 2005-11-16 | AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an... |
| CVE-2003-1270 | 2005-11-16 | AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or... |
| CVE-2003-1271 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script. |
| CVE-2003-1275 | 2005-11-16 | Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function. |
| CVE-2003-1276 | 2005-11-16 | Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized... |
| CVE-2003-1277 | 2005-11-16 | Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting... |
| CVE-2003-1278 | 2005-11-16 | Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script... |
| CVE-2003-1280 | 2005-11-16 | Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads. |
| CVE-2003-1281 | 2005-11-16 | cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files. |
| CVE-2003-1283 | 2005-11-16 | KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code. |
| CVE-2005-3621 | 2005-11-16 | CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. |
| CVE-2005-3622 | 2005-11-16 | phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. |
| CVE-2000-1238 | 2005-11-16 | BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash)... |
| CVE-2002-2138 | 2005-11-16 | RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on... |
| CVE-2002-2141 | 2005-11-16 | BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers... |
| CVE-2002-2142 | 2005-11-16 | An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0... |
| CVE-2002-2143 | 2005-11-16 | The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of... |
| CVE-2002-2153 | 2005-11-16 | Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. |
| CVE-2002-2159 | 2005-11-16 | Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are... |
| CVE-2002-2171 | 2005-11-16 | Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. |
| CVE-2002-2175 | 2005-11-16 | phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username... |
| CVE-2002-2177 | 2005-11-16 | BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could... |
| CVE-2002-2185 | 2005-11-16 | The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group... |
| CVE-2002-2196 | 2005-11-16 | Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack. |
| CVE-2002-2200 | 2005-11-16 | Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4)... |
| CVE-2002-2207 | 2005-11-16 | Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret. |
| CVE-2005-3633 | 2005-11-16 | HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. |
| CVE-2005-3634 | 2005-11-16 | frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a... |
| CVE-2005-3635 | 2005-11-16 | Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd... |
| CVE-2005-3636 | 2005-11-16 | Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. |
| CVE-2005-3638 | 2005-11-16 | Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts. |
| CVE-2005-3639 | 2005-11-16 | PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to... |
| CVE-2005-3640 | 2005-11-16 | Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated... |
| CVE-2002-2137 | 2005-11-16 | GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2,... |
| CVE-2002-2139 | 2005-11-16 | Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session... |
| CVE-2002-2140 | 2005-11-16 | Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP... |
| CVE-2002-2144 | 2005-11-16 | Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters. |
| CVE-2002-2145 | 2005-11-16 | Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e)... |
| CVE-2002-2146 | 2005-11-16 | cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request. |
| CVE-2002-2148 | 2005-11-16 | Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP... |
| CVE-2002-2149 | 2005-11-16 | Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative... |
| CVE-2002-2150 | 2005-11-16 | Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN... |
| CVE-2002-2152 | 2005-11-16 | The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected. |
| CVE-2002-2154 | 2005-11-16 | Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. |
| CVE-2002-2155 | 2005-11-16 | Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel... |