Vulnerabilities (CVE)

Filter

120061 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-2214 1 Debian 1 Apt-setup 2008-09-05 4.6
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-2212 1 Sukria 1 Backup Manager 2008-09-05 6.4
Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository.
CVE-2005-2211 1 Sukria 1 Backup Manager 2008-09-05 4.6
Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.
CVE-2005-2210 1 Tonec Inc. 1 Internet Download Manager 2008-09-05 7.5
Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL.
CVE-2005-2209 1 Capturix 1 Scanshare 2008-09-05 1.9
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
CVE-2005-2208 1 Privashare 1 Privashare 2008-09-05 5.0
PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2005-2207 1 Elemental Software 1 Cartwiz 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-2206 1 Elemental Software 1 Cartwiz 2008-09-05 7.5
Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3)...
CVE-2005-2205 1 Pngren 1 Pngren 2008-09-05 7.5
The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
CVE-2005-2203 1 Phpwishlist 1 Phpwishlist 2008-09-05 7.5
login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php.
CVE-2005-2202 1 Xerox 3 Workcentre 2128, Workcentre 3545, Workcentre 2636 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2201 1 Xerox 3 Workcentre 2128, Workcentre 3545, Workcentre 2636 2008-09-05 6.4
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
CVE-2005-2200 1 Xerox 3 Workcentre 2128, Workcentre 3545, Workcentre 2636 2008-09-05 7.5
Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.
CVE-2005-2199 1 Skrypty 1 Ppa Gallery 2008-09-05 7.5
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
CVE-2005-2198 1 Spid 1 Spid 2008-09-05 7.5
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.
CVE-2005-2196 1 Apple 1 Airport Card 2008-09-05 2.1
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.
CVE-2005-2175 1 Ibm 1 Lotus Notes 2008-09-05 5.0
The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
CVE-2005-2174 1 Mozilla 1 Bugzilla 2008-09-05 2.6
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before...
CVE-2005-2173 1 Mozilla 1 Bugzilla 2008-09-05 5.0
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a...
CVE-2005-2169 1 Kaf Oseo 1 Quick And Dirty Phpsource Printer 2008-09-05 5.0
Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer...