Vulnerabilities (CVE)

Filter

122577 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-3291 1 Stani 1 Stanis Python Editor 2008-09-05 4.6
Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.
CVE-2005-3289 1 Ibm 1 Aix 2008-09-05 2.1
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
CVE-2005-3288 1 Rockliffe 1 Mailsite Express 2008-09-05 5.0
Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message.
CVE-2005-3287 1 Rockliffe 1 Mailsite Express 2008-09-05 5.0
Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and...
CVE-2005-3285 1 Comersus Open Technologies 1 Comersus Backoffice Plus 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
CVE-2005-3284 1 Ahnlab 3 V3net, V3pro 2004, Myv3 2008-09-05 7.5
Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ,...
CVE-2005-3282 2008-09-05 7.5
Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors.
CVE-2005-3281 1 Nukefixes 1 Nukefixes 2008-09-05 5.0
Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter.
CVE-2005-3279 1 Jan Kybic 1 Bitmap Viewer 2008-09-05 7.2
Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option.
CVE-2005-3277 1 Hp 1 Hp-ux 2008-09-05 10.0
The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing...
CVE-2005-3270 1 Symantec 1 Norton Antivirus 2008-09-05 7.2
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.
CVE-2005-3268 1 Raphael Bossek 1 Yiff Server 2008-09-05 2.1
yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.
CVE-2005-3255 2008-09-05 5.0
The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs.
CVE-2005-3254 1 Nathan Neulinger 1 Cgiwrap 2008-09-05 10.0
The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than...
CVE-2005-3251 1 Gallery Project 1 Gallery 2008-09-05 6.4
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.
CVE-2005-3238 2008-09-05 2.1
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.
CVE-2005-3177 1 Microsoft 3 Windows Xp, Windows 2003 Server, Windows 2000 2008-09-05 4.6
CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the...
CVE-2005-3176 1 Microsoft 1 Windows 2000 2008-09-05 7.5
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
CVE-2005-3175 1 Microsoft 1 Windows 2000 2008-09-05 7.2
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
CVE-2005-3174 1 Microsoft 1 Windows 2000 2008-09-05 4.6
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.