Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2005-1793 User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and h... | N/A | NONE | — | 0 |
| CVE-2005-1794 Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of leg... | N/A | NONE | — | 0 |
| CVE-2005-1809 Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push. | N/A | NONE | — | 0 |
| CVE-2005-1810 SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat para... | N/A | NONE | — | 0 |
| CVE-2005-1811 Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile. | N/A | NONE | — | 0 |
| CVE-2005-1812 Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Rea... | N/A | NONE | — | 0 |
| CVE-2005-1813 Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2... | N/A | NONE | — | 0 |
| CVE-2005-1814 Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL. | N/A | NONE | — | 0 |
| CVE-2005-1815 Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long ar... | N/A | NONE | — | 0 |
| CVE-2005-1816 Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. | N/A | NONE | — | 0 |
| CVE-2005-1817 Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. | N/A | NONE | — | 0 |
| CVE-2005-1818 Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. | N/A | NONE | — | 0 |
| CVE-2005-1819 Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2005-1820 zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function. | N/A | NONE | — | 0 |
| CVE-2005-1821 PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. | N/A | NONE | — | 0 |
| CVE-2005-1822 Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) m... | N/A | NONE | — | 0 |
| CVE-2005-1823 Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) ... | N/A | NONE | — | 0 |
| CVE-2005-1834 SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | N/A | NONE | — | 0 |
| CVE-2005-1835 NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb... | N/A | NONE | — | 0 |
| CVE-2005-1836 NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files. | N/A | NONE | — | 0 |
| CVE-2005-1837 Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges. | N/A | NONE | — | 0 |
| CVE-2005-1824 The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the modul... | N/A | NONE | — | 0 |
| CVE-2005-1838 Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Descript... | N/A | NONE | — | 0 |
| CVE-2005-1839 Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit... | N/A | NONE | — | 0 |
| CVE-2005-1840 Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the lan... | N/A | NONE | — | 0 |
| CVE-2005-1875 Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage p... | N/A | NONE | — | 0 |
| CVE-2005-1903 Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command. | N/A | NONE | — | 0 |
| CVE-2005-1906 SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product an... | N/A | NONE | — | 0 |
| CVE-2005-1858 FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensiti... | N/A | NONE | — | 0 |
| CVE-2005-1872 Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2005-1910 SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password. | N/A | NONE | — | 0 |
| CVE-2005-1877 Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid param... | N/A | NONE | — | 0 |
| CVE-2005-1880 everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | 5.5 | MEDIUM | — | 0 |
| CVE-2005-1881 upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP cod... | N/A | NONE | — | 0 |
| CVE-2005-1885 view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | N/A | NONE | — | 0 |
| CVE-2005-1888 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. | N/A | NONE | — | 0 |
| CVE-2005-1869 PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter. | N/A | NONE | — | 0 |
| CVE-2005-1889 Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. | N/A | NONE | — | 0 |
| CVE-2005-1890 Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors. | N/A | NONE | — | 0 |
| CVE-2005-1961 Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user. | N/A | NONE | — | 0 |
| CVE-2005-1969 Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment... | N/A | NONE | — | 0 |
| CVE-2005-0756 ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash). | N/A | NONE | — | 0 |
| CVE-2005-1723 LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to ... | N/A | NONE | — | 0 |
| CVE-2005-1724 NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restri... | N/A | NONE | — | 0 |
| CVE-2005-1725 launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory. | N/A | NONE | — | 0 |
| CVE-2005-1727 Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorize... | N/A | NONE | — | 0 |
| CVE-2005-1728 MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials. | N/A | NONE | — | 0 |
| CVE-2005-1756 Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. | N/A | NONE | — | 0 |
| CVE-2005-1757 Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2005-1758 Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.