Vulnerabilities (CVE)

Filter

118858 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-2645 1 Xerox 7 Document Centre 490, Document Centre 420, Document Centre 265 and 4 more 2008-09-05 7.5
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication.
CVE-2005-2644 1 Isemarket 1 Jaguarcontrol 2008-09-05 7.5
Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Jtext field.
CVE-2005-2642 1 Mutt 1 Mutt 2008-09-05 7.5
Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.
CVE-2005-2617 1 Linux 1 Linux Kernel 2008-09-05 3.6
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit...
CVE-2005-2615 1 Eqdkp 1 Eqdkp 2008-09-05 7.5
Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.
CVE-2005-2614 1 Crosscom Olicom 1 Discuz 2008-09-05 7.5
Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.
CVE-2005-2612 1 Wordpress 1 Wordpress 2008-09-05 7.5
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2005-2610 1 Vegadns 1 Vegadns 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-2609 1 Vegadns 1 Vegadns 2008-09-05 5.0
index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter.
CVE-2005-2608 1 Safehtml 1 Safehtml 2008-09-05 4.3
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.
CVE-2005-2607 1 Phpsimplicity 1 Simplicity Of Upload 2008-09-05 5.0
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters.
CVE-2005-2605 1 Omnipilot Software 1 Lasso Professional Server 2008-09-05 6.4
Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.
CVE-2005-2602 1 Mozilla 2 Firefox, Thunderbird 2008-09-05 2.6
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
CVE-2005-2601 1 Midicart Software 1 Midicart Php Shopping Cart 2008-09-05 7.5
SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.
CVE-2005-2600 1 Ilia Alshanetsky 1 Fudforum 2008-09-05 5.0
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
CVE-2005-2598 1 Dokeos 1 Dokeos 2008-09-05 5.0
Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary...
CVE-2005-2596 1 Gallery Project 1 Gallery 2008-09-05 4.6
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
CVE-2005-2595 1 Dada Mail 1 Dada Mail 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages.
CVE-2005-2594 1 Apple 1 Safari 2008-09-05 5.0
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
CVE-2005-2589 1 Linksys 1 Wrt54gs 2008-09-05 7.5
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.