Lista CVE - 2005 / Novembre
Visualizzazione 701 - 702 di 702 CVE per Novembre 2005 (Pagina 8 di 8)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2005-3929 | 2005-11-30 | Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to... |
| CVE-2005-2757 | 2005-12-01 | Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of... |
| CVE-2005-3700 | 2005-12-01 | Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack... |
| CVE-2005-3701 | 2005-12-01 | Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. |
| CVE-2005-3702 | 2005-12-01 | Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long... |
| CVE-2005-3704 | 2005-12-01 | System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such... |
| CVE-2005-3705 | 2005-12-01 | Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code... |
| CVE-2005-3930 | 2005-12-01 | SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2005-3931 | 2005-12-01 | SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer. |
| CVE-2005-3932 | 2005-12-01 | SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter. |
| CVE-2005-3933 | 2005-12-01 | SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. |
| CVE-2005-3934 | 2005-12-01 | Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors. |
| CVE-2005-3935 | 2005-12-01 | SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. |
| CVE-2005-3936 | 2005-12-01 | PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter. |
| CVE-2005-3937 | 2005-12-01 | SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3)... |
| CVE-2005-3938 | 2005-12-01 | SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4)... |
| CVE-2005-3939 | 2005-12-01 | Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks... |
| CVE-2005-3940 | 2005-12-01 | SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| CVE-2005-3941 | 2005-12-01 | SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. |
| CVE-2005-3942 | 2005-12-01 | SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. |
| CVE-2005-3943 | 2005-12-01 | Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php;... |
| CVE-2005-3944 | 2005-12-01 | SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter. |
| CVE-2005-3945 | 2005-12-01 | The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a... |
| CVE-2005-3946 | 2005-12-01 | Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. |
| CVE-2005-3947 | 2005-12-01 | Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter. |
| CVE-2005-3948 | 2005-12-01 | Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. |
| CVE-2005-3949 | 2005-12-01 | Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter... |
| CVE-2005-3950 | 2005-12-01 | nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets. |
| CVE-2005-3951 | 2005-12-01 | SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| CVE-2005-3952 | 2005-12-01 | SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search... |
| CVE-2005-3953 | 2005-12-01 | SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to... |
| CVE-2005-3954 | 2005-12-01 | Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php. |
| CVE-2005-3955 | 2005-12-01 | Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or... |
| CVE-2005-3956 | 2005-12-01 | Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the... |
| CVE-2005-3957 | 2005-12-01 | Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors. |
| CVE-2005-3958 | 2005-12-01 | SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action... |
| CVE-2005-3959 | 2005-12-01 | Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor... |
| CVE-2005-3960 | 2005-12-01 | Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. |
| CVE-2005-3961 | 2005-12-01 | export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. |
| CVE-2005-3962 | 2005-12-01 | Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with... |
| CVE-2005-3963 | 2005-12-02 | SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie. |
| CVE-2005-3964 | 2005-12-02 | Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function... |
| CVE-2004-2607 | 2005-12-03 | A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large... |
| CVE-2005-3966 | 2005-12-03 | Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| CVE-2005-3967 | 2005-12-03 | Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. |
| CVE-2005-3968 | 2005-12-03 | SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter. |
| CVE-2005-3969 | 2005-12-03 | SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2005-3970 | 2005-12-03 | Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2005-3971 | 2005-12-03 | Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or... |
| CVE-2005-3972 | 2005-12-03 | Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2005-3973 | 2005-12-03 | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values,... |
| CVE-2005-3974 | 2005-12-03 | Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. |
| CVE-2005-3975 | 2005-12-03 | Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with... |
| CVE-2005-3976 | 2005-12-03 | SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0... |
| CVE-2005-3977 | 2005-12-03 | Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. |
| CVE-2005-3978 | 2005-12-03 | Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1)... |
| CVE-2005-3979 | 2005-12-03 | relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as... |
| CVE-2003-1288 | 2005-12-04 | Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the... |
| CVE-2004-2608 | 2005-12-04 | SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the... |
| CVE-2004-2609 | 2005-12-04 | The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations,... |
| CVE-2004-2610 | 2005-12-04 | mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this... |
| CVE-2004-2611 | 2005-12-04 | The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky... |
| CVE-2004-2612 | 2005-12-04 | BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users. |
| CVE-2004-2613 | 2005-12-04 | Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack... |
| CVE-2004-2614 | 2005-12-04 | Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. |
| CVE-2004-2615 | 2005-12-04 | The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news,... |
| CVE-2004-2616 | 2005-12-04 | The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message. |
| CVE-2004-2617 | 2005-12-04 | Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/'... |
| CVE-2004-2618 | 2005-12-04 | Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). |
| CVE-2005-3980 | 2005-12-04 | SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. |
| CVE-2005-3981 | 2005-12-04 | NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain... |
| CVE-2005-3982 | 2005-12-04 | CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to... |
| CVE-2005-3983 | 2005-12-04 | Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of... |
| CVE-2005-3984 | 2005-12-04 | SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949. |
| CVE-2004-2619 | 2005-12-04 | ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. |
| CVE-2004-2621 | 2005-12-04 | Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to... |
| CVE-2004-2622 | 2005-12-04 | AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. |
| CVE-2004-2623 | 2005-12-04 | Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter." |
| CVE-2004-2624 | 2005-12-04 | Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. |
| CVE-2004-2625 | 2005-12-04 | Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag. |
| CVE-2004-2626 | 2005-12-04 | GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message. |
| CVE-2004-2627 | 2005-12-04 | Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code. |
| CVE-2004-2628 | 2005-12-04 | Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot... |
| CVE-2004-2630 | 2005-12-04 | The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. |
| CVE-2004-2631 | 2005-12-04 | Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. |
| CVE-2004-2632 | 2005-12-04 | phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. |
| CVE-2004-2633 | 2005-12-04 | Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors. |
| CVE-2004-2634 | 2005-12-04 | The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack... |
| CVE-2004-2635 | 2005-12-04 | An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method. |
| CVE-2004-2636 | 2005-12-04 | TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL. |
| CVE-2004-2637 | 2005-12-04 | The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to... |
| CVE-2004-2638 | 2005-12-04 | The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value. |
| CVE-2004-2639 | 2005-12-04 | Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors. |
| CVE-2004-2640 | 2005-12-04 | Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter. |
| CVE-2004-2641 | 2005-12-04 | Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of... |
| CVE-2004-2642 | 2005-12-04 | Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender. |
| CVE-2004-2643 | 2005-12-04 | Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive. |
| CVE-2004-2644 | 2005-12-04 | Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags. |
| CVE-2004-2645 | 2005-12-04 | Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures." |
| CVE-2004-2646 | 2005-12-04 | The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable... |