Lista CVE - 2005 / Febbraio
Visualizzazione 801 - 821 di 821 CVE per Febbraio 2005 (Pagina 9 di 9)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2005-0578 | 2005-02-27 | Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a... |
| CVE-2005-0579 | 2005-02-27 | nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication. |
| CVE-2005-0574 | 2005-02-27 | Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL. |
| CVE-2005-0576 | 2005-02-27 | Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. |
| CVE-2005-0580 | 2005-02-27 | cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. |
| CVE-2004-0944 | 2005-02-28 | The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid... |
| CVE-2004-0945 | 2005-02-28 | The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of... |
| CVE-2005-0205 | 2005-02-28 | KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to... |
| CVE-2005-0208 | 2005-02-28 | The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different... |
| CVE-2005-0255 | 2005-02-28 | String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the... |
| CVE-2005-0584 | 2005-02-28 | Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and... |
| CVE-2005-0585 | 2005-02-28 | Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks. |
| CVE-2005-0586 | 2005-02-28 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick... |
| CVE-2005-0587 | 2005-02-28 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the... |
| CVE-2005-0588 | 2005-02-28 | Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of... |
| CVE-2005-0589 | 2005-02-28 | The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete... |
| CVE-2005-0590 | 2005-02-28 | The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the... |
| CVE-2005-0591 | 2005-02-28 | Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and... |
| CVE-2005-0592 | 2005-02-28 | Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code... |
| CVE-2005-0593 | 2005-02-28 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows... |
| CVE-2005-0595 | 2005-03-01 | Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter. |
| CVE-2005-0597 | 2005-03-01 | Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted... |
| CVE-2005-0598 | 2005-03-01 | The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets. |
| CVE-2005-0599 | 2005-03-01 | Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, or 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (CPU consumption) via malformed IP packets. |
| CVE-2005-0600 | 2005-03-01 | Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted... |
| CVE-2005-0601 | 2005-03-01 | Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, 5.1, or 5.2 use a default password when the setup dialog has not been run, which allows remote attackers... |
| CVE-2005-0602 | 2005-03-01 | Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. |
| CVE-2005-0603 | 2005-03-01 | viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error... |
| CVE-2005-0604 | 2005-03-01 | lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. |
| CVE-2005-0606 | 2005-03-01 | Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1)... |
| CVE-2005-0607 | 2005-03-01 | CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5)... |
| CVE-2005-0608 | 2005-03-01 | Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that... |
| CVE-2005-0596 | 2005-03-01 | PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. |
| CVE-2004-0428 | 2005-03-02 | Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. |
| CVE-2004-0429 | 2005-03-02 | Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via... |
| CVE-2005-0455 | 2005-03-02 | Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary... |
| CVE-2005-0581 | 2005-03-02 | Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a... |
| CVE-2005-0582 | 2005-03-02 | Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request. |
| CVE-2005-0583 | 2005-03-02 | Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request. |
| CVE-2005-0611 | 2005-03-02 | Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files. |
| CVE-2005-0612 | 2005-03-02 | Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration. |
| CVE-2005-0615 | 2005-03-02 | Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. |
| CVE-2005-0616 | 2005-03-02 | Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2)... |
| CVE-2005-0617 | 2005-03-02 | SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. |
| CVE-2005-0618 | 2005-03-02 | The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for... |
| CVE-2005-0619 | 2005-03-02 | Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. |
| CVE-2005-0621 | 2005-03-02 | Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as... |
| CVE-2005-0622 | 2005-03-02 | RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) .... |
| CVE-2005-0623 | 2005-03-02 | Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL. |
| CVE-2005-0624 | 2005-03-02 | reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords. |
| CVE-2005-0625 | 2005-03-02 | reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd. |
| CVE-2005-0620 | 2005-03-02 | Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information. |
| CVE-2005-0614 | 2005-03-03 | sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. |
| CVE-2005-0626 | 2005-03-03 | Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows... |
| CVE-2005-0613 | 2005-03-03 | Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files. |
| CVE-2005-0605 | 2005-03-04 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
| CVE-2005-0627 | 2005-03-04 | Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. |
| CVE-2005-0628 | 2005-03-04 | Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or... |
| CVE-2005-0629 | 2005-03-04 | Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters. |
| CVE-2005-0630 | 2005-03-04 | sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter. |
| CVE-2005-0631 | 2005-03-04 | delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters. |
| CVE-2005-0632 | 2005-03-04 | PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter. |
| CVE-2005-0633 | 2005-03-04 | Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file. |
| CVE-2005-0634 | 2005-03-04 | Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2005-0635 | 2005-03-04 | Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2005-0636 | 2005-03-04 | Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command. |
| CVE-2005-0637 | 2005-03-04 | The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify... |
| CVE-2005-0638 | 2005-03-04 | xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip... |
| CVE-2005-0639 | 2005-03-04 | Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer... |
| CVE-2005-0640 | 2005-03-04 | Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain... |
| CVE-2005-0641 | 2005-03-04 | Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name... |
| CVE-2005-0642 | 2005-03-04 | SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. |
| CVE-2005-0645 | 2005-03-04 | Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in... |
| CVE-2005-0646 | 2005-03-04 | SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. |
| CVE-2005-0647 | 2005-03-04 | admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. |
| CVE-2005-0648 | 2005-03-04 | Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol." |
| CVE-2005-0649 | 2005-03-04 | Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." |
| CVE-2005-0650 | 2005-03-04 | Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php"... |
| CVE-2005-0651 | 2005-03-04 | Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by... |
| CVE-2003-1088 | 2005-03-07 | Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter. |
| CVE-2003-1089 | 2005-03-07 | index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message. |
| CVE-2005-0397 | 2005-03-07 | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code... |
| CVE-2005-0652 | 2005-03-07 | Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. |
| CVE-2005-0653 | 2005-03-07 | phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. |
| CVE-2005-0654 | 2005-03-07 | gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2)... |
| CVE-2005-0655 | 2005-03-07 | auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path... |
| CVE-2005-0656 | 2005-03-07 | Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php,... |
| CVE-2005-0657 | 2005-03-07 | Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot... |
| CVE-2005-0658 | 2005-03-07 | SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. |
| CVE-2005-0659 | 2005-03-07 | phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. |
| CVE-2005-0660 | 2005-03-07 | Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3. |
| CVE-2005-0661 | 2005-03-07 | SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2)... |
| CVE-2005-0663 | 2005-03-07 | SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. |
| CVE-2005-0665 | 2005-03-07 | Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. |
| CVE-2005-0667 | 2005-03-07 | Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are... |
| CVE-2005-0668 | 2005-03-07 | Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files. |
| CVE-2005-0669 | 2005-03-07 | Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the... |
| CVE-2005-0670 | 2005-03-07 | Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter... |
| CVE-2005-0671 | 2005-03-07 | Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command. |
| CVE-2005-0672 | 2005-03-07 | Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. |