CVE List - 2005 / July
Showing 201 - 300 of 588 CVEs for July 2005 (Page 3 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2005-2095 | 2005-07-13 | options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site... |
| CVE-2005-2248 | 2005-07-13 | Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder. |
| CVE-2005-2250 | 2005-07-13 | Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. |
| CVE-2005-2251 | 2005-07-13 | PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468. |
| CVE-2005-2252 | 2005-07-13 | PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. |
| CVE-2005-2253 | 2005-07-13 | SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of... |
| CVE-2005-2254 | 2005-07-13 | Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3)... |
| CVE-2005-2255 | 2005-07-13 | Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to... |
| CVE-2005-2256 | 2005-07-13 | Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter. |
| CVE-2005-2257 | 2005-07-13 | The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. |
| CVE-2005-2258 | 2005-07-13 | PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter. |
| CVE-2005-2259 | 2005-07-13 | The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse... |
| CVE-2005-2260 | 2005-07-13 | The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it... |
| CVE-2005-2261 | 2005-07-13 | Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers... |
| CVE-2005-2262 | 2005-07-13 | Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background"... |
| CVE-2005-2263 | 2005-07-13 | The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation... |
| CVE-2005-2264 | 2005-07-13 | Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via... |
| CVE-2005-2265 | 2005-07-13 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by... |
| CVE-2005-2266 | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain,... |
| CVE-2005-2267 | 2005-07-13 | Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is... |
| CVE-2005-2268 | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog... |
| CVE-2005-2269 | 2005-07-13 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers... |
| CVE-2005-2270 | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged... |
| CVE-2005-2272 | 2005-07-13 | Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a... |
| CVE-2005-2273 | 2005-07-13 | Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box... |
| CVE-2005-2249 | 2005-07-13 | Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. |
| CVE-2005-2271 | 2005-07-13 | iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site... |
| CVE-2005-2274 | 2005-07-13 | Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a... |
| CVE-2000-1228 | 2005-07-14 | Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables. |
| CVE-2000-1233 | 2005-07-14 | SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter. |
| CVE-2000-1236 | 2005-07-14 | SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL. |
| CVE-2001-1507 | 2005-07-14 | OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. |
| CVE-2001-1508 | 2005-07-14 | Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument. |
| CVE-2001-1509 | 2005-07-14 | geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges. |
| CVE-2001-1512 | 2005-07-14 | Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050. |
| CVE-2001-1513 | 2005-07-14 | Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory... |
| CVE-2001-1515 | 2005-07-14 | Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive... |
| CVE-2001-1521 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. |
| CVE-2001-1524 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and... |
| CVE-2001-1527 | 2005-07-14 | easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access. |
| CVE-2001-1537 | 2005-07-14 | The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain... |
| CVE-2001-1539 | 2005-07-14 | Stack consumption vulnerability in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the... |
| CVE-2001-1547 | 2005-07-14 | Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could... |
| CVE-2001-1550 | 2005-07-14 | CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users. |
| CVE-2001-1552 | 2005-07-14 | ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the... |
| CVE-2001-1562 | 2005-07-14 | Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename. |
| CVE-2001-1563 | 2005-07-14 | Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is... |
| CVE-2001-1564 | 2005-07-14 | setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow... |
| CVE-2001-1567 | 2005-07-14 | Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with... |
| CVE-2002-1991 | 2005-07-14 | PHP file inclusion vulnerability in osCommerce 2.1 allows execution of arbitrary commands via the include_file parameter to include_once.php. |
| CVE-2002-1996 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter... |
| CVE-2002-1997 | 2005-07-14 | ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension. |
| CVE-2002-2001 | 2005-07-14 | jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2002-2005 | 2005-07-14 | Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors. |
| CVE-2002-2006 | 2005-07-14 | The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet... |
| CVE-2002-2008 | 2005-07-14 | Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks... |
| CVE-2002-2009 | 2005-07-14 | Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which... |
| CVE-2002-2039 | 2005-07-14 | /bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal. |
| CVE-2002-2041 | 2005-07-14 | Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u... |
| CVE-2002-2045 | 2005-07-14 | x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid... |
| CVE-2002-2046 | 2005-07-14 | x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie. |
| CVE-2002-2048 | 2005-07-14 | Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4)... |
| CVE-2002-2051 | 2005-07-14 | The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames... |
| CVE-2002-2054 | 2005-07-14 | TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and gain privileged web forum access by setting the valid_level cookie to admin. |
| CVE-2002-2055 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2002-2056 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie. |
| CVE-2002-2057 | 2005-07-14 | TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify... |
| CVE-2002-2061 | 2005-07-14 | Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and... |
| CVE-2002-2066 | 2005-07-14 | BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information... |
| CVE-2002-2073 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2002-2086 | 2005-07-14 | Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2)... |
| CVE-2000-1229 | 2005-07-14 | Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative... |
| CVE-2000-1230 | 2005-07-14 | Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman". |
| CVE-2000-1231 | 2005-07-14 | code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string. |
| CVE-2000-1232 | 2005-07-14 | upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method. |
| CVE-2000-1234 | 2005-07-14 | violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters. |
| CVE-2000-1235 | 2005-07-14 | The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP... |
| CVE-2000-1237 | 2005-07-14 | The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force... |
| CVE-2001-1510 | 2005-07-14 | Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files... |
| CVE-2001-1511 | 2005-07-14 | JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source... |
| CVE-2001-1514 | 2005-07-14 | ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with... |
| CVE-2001-1516 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews. |
| CVE-2001-1517 | 2005-07-14 | RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory... |
| CVE-2001-1518 | 2005-07-14 | RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe... |
| CVE-2001-1519 | 2005-07-14 | RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the... |
| CVE-2001-1520 | 2005-07-14 | Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext... |
| CVE-2001-1522 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. |
| CVE-2001-1523 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter. |
| CVE-2001-1525 | 2005-07-14 | Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter. |
| CVE-2001-1526 | 2005-07-14 | Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. |
| CVE-2001-1528 | 2005-07-14 | AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via... |
| CVE-2001-1529 | 2005-07-14 | Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is... |
| CVE-2001-1530 | 2005-07-14 | run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands. |
| CVE-2001-1531 | 2005-07-14 | Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename. |
| CVE-2001-1532 | 2005-07-14 | WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions. |
| CVE-2001-1533 | 2005-07-14 | Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue,... |
| CVE-2001-1534 | 2005-07-14 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs... |
| CVE-2001-1535 | 2005-07-14 | Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session IDs from cookies and gain unauthorized access via a brute force attack. |
| CVE-2001-1536 | 2005-07-14 | Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting... |
| CVE-2001-1538 | 2005-07-14 | SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. |