Lista CVE - 2005 / Febbraio
Visualizzazione 101 - 200 di 821 CVE per Febbraio 2005 (Pagina 2 di 9)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2003-1073 | 2005-02-08 | A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the... |
| CVE-2003-1074 | 2005-02-08 | Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges. |
| CVE-2003-1075 | 2005-02-08 | Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode... |
| CVE-2003-1076 | 2005-02-08 | Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a... |
| CVE-2003-1077 | 2005-02-08 | Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang). |
| CVE-2003-1078 | 2005-02-08 | The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login. |
| CVE-2003-1079 | 2005-02-08 | Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via... |
| CVE-2003-1080 | 2005-02-08 | Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users. |
| CVE-2003-1081 | 2005-02-08 | Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file. |
| CVE-2003-1082 | 2005-02-08 | Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068. |
| CVE-2004-0848 | 2005-02-08 | Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in... |
| CVE-2004-1131 | 2005-02-08 | Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments. |
| CVE-2004-1244 | 2005-02-08 | Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." |
| CVE-2004-1393 | 2005-02-08 | Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang). |
| CVE-2004-1394 | 2005-02-08 | The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users... |
| CVE-2005-0044 | 2005-02-08 | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which... |
| CVE-2005-0045 | 2005-02-08 | The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code... |
| CVE-2005-0047 | 2005-02-08 | Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM... |
| CVE-2005-0049 | 2005-02-08 | Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script... |
| CVE-2005-0050 | 2005-02-08 | The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and... |
| CVE-2005-0051 | 2005-02-08 | The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe,... |
| CVE-2005-0053 | 2005-02-08 | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." |
| CVE-2005-0054 | 2005-02-08 | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that... |
| CVE-2005-0055 | 2005-02-08 | Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka... |
| CVE-2005-0056 | 2005-02-08 | Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code,... |
| CVE-2005-0057 | 2005-02-08 | The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the... |
| CVE-2005-0100 | 2005-02-08 | Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary... |
| CVE-2005-0231 | 2005-02-08 | Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model,... |
| CVE-2005-0232 | 2005-02-08 | Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site... |
| CVE-2005-0241 | 2005-02-08 | The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers... |
| CVE-2005-0244 | 2005-02-08 | PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. |
| CVE-2005-0245 | 2005-02-08 | Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to... |
| CVE-2005-0246 | 2005-02-08 | The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays. |
| CVE-2005-0247 | 2005-02-08 | Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled... |
| CVE-2005-0248 | 2005-02-08 | The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows... |
| CVE-2005-0249 | 2005-02-08 | Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a... |
| CVE-2005-0250 | 2005-02-08 | Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. |
| CVE-2005-0202 | 2005-02-09 | Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by... |
| CVE-2005-0076 | 2005-02-10 | Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. |
| CVE-2005-0088 | 2005-02-10 | The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL. |
| CVE-2005-0230 | 2005-02-10 | Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat... |
| CVE-2005-0260 | 2005-02-10 | Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which... |
| CVE-2005-0261 | 2005-02-10 | lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files. |
| CVE-2005-0262 | 2005-02-10 | Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. |
| CVE-2005-0263 | 2005-02-10 | Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument. |
| CVE-2005-0264 | 2005-02-10 | Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter. |
| CVE-2005-0265 | 2005-02-10 | Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter. |
| CVE-2005-0266 | 2005-02-10 | Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or... |
| CVE-2005-0267 | 2005-02-10 | index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. |
| CVE-2005-0268 | 2005-02-10 | Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. |
| CVE-2005-0269 | 2005-02-10 | The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include... |
| CVE-2005-0270 | 2005-02-10 | Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat... |
| CVE-2005-0271 | 2005-02-10 | Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to... |
| CVE-2005-0272 | 2005-02-10 | ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions. |
| CVE-2005-0273 | 2005-02-10 | Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter. |
| CVE-2005-0274 | 2005-02-10 | Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or... |
| CVE-2005-0275 | 2005-02-10 | TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. |
| CVE-2005-0276 | 2005-02-10 | Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in... |
| CVE-2005-0277 | 2005-02-10 | Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a... |
| CVE-2005-0278 | 2005-02-10 | The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation... |
| CVE-2005-0279 | 2005-02-10 | Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a... |
| CVE-2005-0280 | 2005-02-10 | Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers... |
| CVE-2005-0281 | 2005-02-10 | Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not... |
| CVE-2005-0282 | 2005-02-10 | SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter. |
| CVE-2005-0283 | 2005-02-10 | Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the... |
| CVE-2005-0284 | 2005-02-10 | SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. |
| CVE-2005-0285 | 2005-02-10 | Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. |
| CVE-2005-0286 | 2005-02-10 | eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2)... |
| CVE-2005-0287 | 2005-02-10 | Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values. |
| CVE-2005-0288 | 2005-02-10 | The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other... |
| CVE-2005-0289 | 2005-02-10 | Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by... |
| CVE-2005-0290 | 2005-02-10 | NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. |
| CVE-2005-0291 | 2005-02-10 | Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a... |
| CVE-2005-0292 | 2005-02-10 | Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid,... |
| CVE-2005-0293 | 2005-02-10 | Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter. |
| CVE-2005-0294 | 2005-02-10 | minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission... |
| CVE-2005-0295 | 2005-02-10 | npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges. |
| CVE-2005-0296 | 2005-02-10 | NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as... |
| CVE-2005-0297 | 2005-02-10 | SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. |
| CVE-2005-0298 | 2005-02-10 | The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain... |
| CVE-2005-0299 | 2005-02-10 | Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name... |
| CVE-2005-0300 | 2005-02-10 | Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter. |
| CVE-2005-0301 | 2005-02-10 | comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. |
| CVE-2005-0302 | 2005-02-10 | SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. |
| CVE-2005-0303 | 2005-02-10 | Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error... |
| CVE-2005-0304 | 2005-02-10 | Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a... |
| CVE-2005-0305 | 2005-02-10 | CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation. |
| CVE-2005-0306 | 2005-02-10 | MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in... |
| CVE-2005-0307 | 2005-02-10 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t,... |
| CVE-2005-0308 | 2005-02-10 | Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. |
| CVE-2005-0309 | 2005-02-10 | Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter. |
| CVE-2005-0310 | 2005-02-10 | Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path... |
| CVE-2005-0311 | 2005-02-10 | Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users... |
| CVE-2005-0312 | 2005-02-10 | WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as... |
| CVE-2005-0313 | 2005-02-10 | Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via... |
| CVE-2005-0314 | 2005-02-10 | Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields. |
| CVE-2005-0315 | 2005-02-10 | The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the... |
| CVE-2005-0316 | 2005-02-10 | WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended... |
| CVE-2005-0317 | 2005-02-10 | Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2005-0318 | 2005-02-10 | useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified... |