Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2005-0612 Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify co... | N/A | NONE | — | 0 |
| CVE-2005-0614 sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | N/A | NONE | — | 0 |
| CVE-2005-0615 Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. | N/A | NONE | — | 0 |
| CVE-2005-0617 SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. | N/A | NONE | — | 0 |
| CVE-2005-0618 The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, wh... | N/A | NONE | — | 0 |
| CVE-2005-0621 Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) s... | N/A | NONE | — | 0 |
| CVE-2005-0627 Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute... | N/A | NONE | — | 0 |
| CVE-2005-0634 Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command. | N/A | NONE | — | 0 |
| CVE-2005-0635 Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command. | N/A | NONE | — | 0 |
| CVE-2005-0637 The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory... | N/A | NONE | — | 0 |
| CVE-2005-0642 SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. | N/A | NONE | — | 0 |
| CVE-2005-0643 Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. | N/A | NONE | — | 0 |
| CVE-2005-0644 Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CV... | N/A | NONE | — | 0 |
| CVE-2005-0645 Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR heade... | N/A | NONE | — | 0 |
| CVE-2005-0646 SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | N/A | NONE | — | 0 |
| CVE-2005-0647 admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | N/A | NONE | — | 0 |
| CVE-2005-0648 Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol." | N/A | NONE | — | 0 |
| CVE-2005-0649 Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." | N/A | NONE | — | 0 |
| CVE-2005-0650 Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred t... | N/A | NONE | — | 0 |
| CVE-2005-0651 Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "dri... | N/A | NONE | — | 0 |
| CVE-2005-0652 Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. | N/A | NONE | — | 0 |
| CVE-2005-0653 phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | N/A | NONE | — | 0 |
| CVE-2005-0654 gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set... | N/A | NONE | — | 0 |
| CVE-2005-0655 auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP er... | N/A | NONE | — | 0 |
| CVE-2005-0656 Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.ph... | N/A | NONE | — | 0 |
| CVE-2005-0657 Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot dot... | N/A | NONE | — | 0 |
| CVE-2005-0658 SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. | N/A | NONE | — | 0 |
| CVE-2005-0659 phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | N/A | NONE | — | 0 |
| CVE-2005-0660 Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.p... | N/A | NONE | — | 0 |
| CVE-2005-0661 SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or ... | N/A | NONE | — | 0 |
| CVE-2005-0662 Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field. | N/A | NONE | — | 0 |
| CVE-2005-0663 SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. | N/A | NONE | — | 0 |
| CVE-2005-0664 Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possib... | N/A | NONE | — | 0 |
| CVE-2005-0665 Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. | N/A | NONE | — | 0 |
| CVE-2005-0666 Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass int... | N/A | NONE | — | 0 |
| CVE-2005-0669 Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter ... | N/A | NONE | — | 0 |
| CVE-2005-0670 Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod... | N/A | NONE | — | 0 |
| CVE-2005-0672 Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. | N/A | NONE | — | 0 |
| CVE-2005-0673 Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) al... | N/A | NONE | — | 0 |
| CVE-2005-0675 Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. | N/A | NONE | — | 0 |
| CVE-2005-0677 index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. | N/A | NONE | — | 0 |
| CVE-2005-0678 PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL o... | N/A | NONE | — | 0 |
| CVE-2005-0679 PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root paramet... | N/A | NONE | — | 0 |
| CVE-2005-0682 Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. | N/A | NONE | — | 0 |
| CVE-2005-0704 Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2005-0705 The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash). | N/A | NONE | — | 0 |
| CVE-2005-0706 Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. | N/A | NONE | — | 0 |
| CVE-2005-0707 Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. | N/A | NONE | — | 0 |
| CVE-2005-0709 MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demons... | N/A | NONE | — | 0 |
| CVE-2005-0710 MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSER... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.