Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2005-2181 Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such... | 7.5 | HIGH | β | 0 |
| CVE-2005-2182 Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoo... | 7.5 | HIGH | β | 0 |
| CVE-2005-2183 class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain ... | N/A | NONE | β | 0 |
| CVE-2005-2184 eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. | N/A | NONE | β | 0 |
| CVE-2005-2185 eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | N/A | NONE | β | 0 |
| CVE-2005-2186 Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName o... | N/A | NONE | β | 0 |
| CVE-2005-2187 McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using t... | N/A | NONE | β | 0 |
| CVE-2005-2188 McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | N/A | NONE | β | 0 |
| CVE-2005-2189 Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive informa... | N/A | NONE | β | 0 |
| CVE-2005-2190 Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2... | N/A | NONE | β | 0 |
| CVE-2005-2191 Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssign... | N/A | NONE | β | 0 |
| CVE-2005-2192 SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. | N/A | NONE | β | 0 |
| CVE-2005-2193 SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not init... | N/A | NONE | β | 0 |
| CVE-2005-2197 SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. | N/A | NONE | β | 0 |
| CVE-2005-2198 PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. | N/A | NONE | β | 0 |
| CVE-2005-2199 PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable. | N/A | NONE | β | 0 |
| CVE-2005-2200 Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. | N/A | NONE | β | 0 |
| CVE-2005-2201 Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or acce... | N/A | NONE | β | 0 |
| CVE-2005-2202 Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject... | N/A | NONE | β | 0 |
| CVE-2005-2203 login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. | N/A | NONE | β | 0 |
| CVE-2005-2204 Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or H... | N/A | NONE | β | 0 |
| CVE-2005-2205 The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | N/A | NONE | β | 0 |
| CVE-2005-2206 Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, ... | N/A | NONE | β | 0 |
| CVE-2005-2207 Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | N/A | NONE | β | 0 |
| CVE-2005-2208 PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | N/A | NONE | β | 0 |
| CVE-2005-2209 Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | 5.5 | MEDIUM | β | 0 |
| CVE-2005-2210 Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. | N/A | NONE | β | 0 |
| CVE-2005-2211 Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR. | N/A | NONE | β | 0 |
| CVE-2005-2212 Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository. | N/A | NONE | β | 0 |
| CVE-2005-2213 Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams. | N/A | NONE | β | 0 |
| CVE-2005-2214 apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. | N/A | NONE | β | 0 |
| CVE-2005-0564 Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font in... | N/A | NONE | β | 0 |
| CVE-2005-1219 Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. | N/A | NONE | β | 0 |
| CVE-2005-1859 Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluste... | N/A | NONE | β | 0 |
| CVE-2005-2215 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move ... | N/A | NONE | β | 0 |
| CVE-2005-2216 PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. | N/A | NONE | β | 0 |
| CVE-2005-2217 Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. | N/A | NONE | β | 0 |
| CVE-2005-2219 Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the Cr... | N/A | NONE | β | 0 |
| CVE-2005-2220 Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productsl... | N/A | NONE | β | 0 |
| CVE-2005-2221 Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview... | N/A | NONE | β | 0 |
| CVE-2005-2222 Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors. | N/A | NONE | β | 0 |
| CVE-2006-0891 Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_t... | N/A | NONE | β | 0 |
| CVE-2005-2223 Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. | N/A | NONE | β | 0 |
| CVE-2005-2224 aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method. | N/A | NONE | β | 0 |
| CVE-2005-2225 Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users t... | N/A | NONE | β | 0 |
| CVE-2005-2226 Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | N/A | NONE | β | 0 |
| CVE-2005-2227 Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | N/A | NONE | β | 0 |
| CVE-2005-2228 Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. | N/A | NONE | β | 0 |
| CVE-2005-2229 Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain s... | N/A | NONE | β | 0 |
| CVE-2005-2230 Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.