Lista CVE - 2005 / Maggio
Visualizzazione 801 - 856 di 856 CVE per Maggio 2005 (Pagina 9 di 9)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2004-2101 | 2005-05-27 | The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow. |
| CVE-2004-2102 | 2005-05-27 | Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter. |
| CVE-2004-2103 | 2005-05-27 | Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request... |
| CVE-2004-2104 | 2005-05-27 | Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet,... |
| CVE-2004-2105 | 2005-05-27 | The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. |
| CVE-2004-2106 | 2005-05-27 | Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. |
| CVE-2004-2107 | 2005-05-27 | Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1)... |
| CVE-2004-2108 | 2005-05-27 | Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6)... |
| CVE-2004-2109 | 2005-05-27 | Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a... |
| CVE-2004-2110 | 2005-05-27 | SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. |
| CVE-2004-2111 | 2005-05-27 | Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. |
| CVE-2004-2112 | 2005-05-27 | Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL. |
| CVE-2004-2113 | 2005-05-27 | Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL. |
| CVE-2004-2114 | 2005-05-27 | Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL. |
| CVE-2004-2115 | 2005-05-27 | Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or... |
| CVE-2004-2116 | 2005-05-27 | Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL. |
| CVE-2004-2117 | 2005-05-27 | Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2)... |
| CVE-2004-2118 | 2005-05-27 | Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow. |
| CVE-2004-2119 | 2005-05-27 | Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL. |
| CVE-2004-2120 | 2005-05-27 | Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version. |
| CVE-2004-2121 | 2005-05-27 | Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded... |
| CVE-2004-2122 | 2005-05-27 | Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters. |
| CVE-2004-2123 | 2005-05-27 | Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter... |
| CVE-2004-2124 | 2005-05-27 | The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a... |
| CVE-2004-2125 | 2005-05-27 | Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file... |
| CVE-2004-2126 | 2005-05-27 | The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users... |
| CVE-2004-2127 | 2005-05-27 | Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable. |
| CVE-2004-2128 | 2005-05-27 | Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll. |
| CVE-2004-2129 | 2005-05-27 | SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow. |
| CVE-2004-2130 | 2005-05-27 | Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. |
| CVE-2004-2131 | 2005-05-27 | Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable. |
| CVE-2004-2132 | 2005-05-27 | Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. |
| CVE-2004-2133 | 2005-05-27 | Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code... |
| CVE-2004-2134 | 2005-05-27 | Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. |
| CVE-2002-1664 | 2005-05-28 | Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information. |
| CVE-2002-1665 | 2005-05-28 | Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field. |
| CVE-2005-0356 | 2005-05-31 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet... |
| CVE-2005-1770 | 2005-05-31 | Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 and possibly other versions allows local users to cause a denial of service (system crash) and possibly execute arbitrary... |
| CVE-2005-1771 | 2005-05-31 | Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t. |
| CVE-2005-1772 | 2005-05-31 | Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a... |
| CVE-2005-1773 | 2005-05-31 | Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in... |
| CVE-2005-1774 | 2005-05-31 | WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem. |
| CVE-2005-1775 | 2005-05-31 | Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a large nickname. |
| CVE-2005-1776 | 2005-05-31 | Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string. |
| CVE-2005-1777 | 2005-05-31 | SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| CVE-2005-1778 | 2005-05-31 | Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. |
| CVE-2005-1779 | 2005-05-31 | SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter. |
| CVE-2005-1780 | 2005-05-31 | SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. |
| CVE-2005-1782 | 2005-05-31 | Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm,... |
| CVE-2005-1783 | 2005-05-31 | BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or... |
| CVE-2005-1785 | 2005-05-31 | SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| CVE-2005-1786 | 2005-05-31 | SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter. |
| CVE-2005-1787 | 2005-05-31 | setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable. |
| CVE-2005-1781 | 2005-05-31 | Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). |
| CVE-2005-1784 | 2005-05-31 | Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp. |
| CVE-2004-2135 | 2005-06-01 | cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected... |
| CVE-2004-2136 | 2005-06-01 | dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected... |
| CVE-2005-1789 | 2005-06-01 | SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password. |
| CVE-2005-1790 | 2005-06-01 | Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload... |
| CVE-2005-1791 | 2005-06-01 | Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with... |
| CVE-2005-1792 | 2005-06-01 | Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be... |
| CVE-2005-1794 | 2005-06-01 | Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public... |
| CVE-2005-1795 | 2005-06-01 | The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell... |
| CVE-2005-1796 | 2005-06-01 | Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. |
| CVE-2005-1797 | 2005-06-01 | The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time... |
| CVE-2005-1799 | 2005-06-01 | Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2005-1800 | 2005-06-01 | Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm... |
| CVE-2005-1801 | 2005-06-01 | The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user... |
| CVE-2005-1802 | 2005-06-01 | Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. |
| CVE-2005-1803 | 2005-06-01 | Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or... |
| CVE-2005-1805 | 2005-06-01 | SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password. |
| CVE-2005-1806 | 2005-06-01 | Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL. |
| CVE-2005-1807 | 2005-06-01 | The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long... |
| CVE-2005-1808 | 2005-06-01 | Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes... |
| CVE-2005-1809 | 2005-06-01 | Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object... |
| CVE-2005-1810 | 2005-06-01 | SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. |
| CVE-2005-1811 | 2005-06-01 | Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile. |
| CVE-2005-1814 | 2005-06-01 | Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL. |
| CVE-2005-1815 | 2005-06-01 | Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a... |
| CVE-2005-1820 | 2005-06-01 | zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function. |
| CVE-2005-1821 | 2005-06-01 | PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. |
| CVE-2005-1822 | 2005-06-01 | Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4)... |
| CVE-2005-1823 | 2005-06-01 | Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3)... |
| CVE-2005-1788 | 2005-06-01 | SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. |
| CVE-2005-1793 | 2005-06-01 | User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large... |
| CVE-2005-1798 | 2005-06-01 | Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. |
| CVE-2005-1804 | 2005-06-01 | Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or... |
| CVE-2005-1812 | 2005-06-01 | Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a... |
| CVE-2005-1813 | 2005-06-01 | Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2)... |
| CVE-2005-1816 | 2005-06-01 | Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. |
| CVE-2005-1817 | 2005-06-01 | Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. |
| CVE-2005-1818 | 2005-06-01 | Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2005-1819 | 2005-06-01 | Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2005-1824 | 2005-06-02 | The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character |
| CVE-2005-1825 | 2005-06-02 | Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute... |
| CVE-2005-1826 | 2005-06-02 | Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file... |
| CVE-2005-1827 | 2005-06-02 | D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. |
| CVE-2005-1828 | 2005-06-02 | D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. |
| CVE-2005-1829 | 2005-06-02 | Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other. |
| CVE-2005-1830 | 2005-06-02 | The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service (application crash) via an invalid Debug Message pointer. |