Vulnerabilities (CVE)

Filter

120781 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-0686 1 Mlterm 1 Mlterm 2008-09-05 7.5
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.
CVE-2005-0682 1 Drupal 1 Drupal 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.
CVE-2005-0677 1 Phpoutsourcing 1 Zorum 2008-09-05 5.0
index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.
CVE-2005-0676 1 Phpoutsourcing 1 Zorum 2008-09-05 7.5
index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.
CVE-2005-0675 1 Phpoutsourcing 1 Zorum 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters.
CVE-2005-0673 1 Phpbb Group 1 Phpbb 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into...
CVE-2005-0672 1 Ca3de 1 Ca3de 2008-09-05 7.5
Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference.
CVE-2005-0671 1 Ca3de 1 Ca3de 2008-09-05 7.5
Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command.
CVE-2005-0668 1 Christian Hilgers 1 Http Anti Virus Proxy %28havp%29 2008-09-05 7.5
Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files.
CVE-2005-0667 5 Gentoo, Altlinux, Sylpheed and 2 more 7 Linux Advanced Workstation, Linux, Sylpheed and 4 more 2008-09-05 5.1
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user...
CVE-2005-0666 1 The Pax Team 1 Pax Linux 2008-09-05 4.6
Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code.
CVE-2005-0665 1 John Bradley 1 Xv 2008-09-05 5.1
Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename.
CVE-2005-0662 1 Mercuryboard 1 Mercuryboard 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field.
CVE-2005-0661 1 Woltlab 1 Burning Board 2008-09-05 7.5
SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.
CVE-2005-0660 1 Adalis 1 D-forum 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.
CVE-2005-0653 1 Phpmyadmin 1 Phpmyadmin 2008-09-05 4.6
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
CVE-2005-0649 1 Pixel-apes Group 1 Safehtml 2008-09-05 4.3
Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities."
CVE-2005-0648 1 Pixel-apes Group 1 Safehtml 2008-09-05 4.3
Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol."
CVE-2005-0644 1 Mcafee 1 Antivirus Engine 2008-09-05 7.5
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643.
CVE-2005-0642 1 Ca 1 Unicenter Asset Management 2008-09-05 7.5
SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.