CVE Daily
← All years

Uncategorized 2005

Page 8/38.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2005-12-05
Medium

CVE-2005-3998

Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2005-3997

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) grap…

CVSS: 2.6CWE: N/A
Read more
High

CVE-2005-3993

Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands.

CVSS: 7.8CWE: N/A
Read more
2005-12-04
Medium

CVE-2005-3991

Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3992

Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) P…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3988

SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3989

Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3986

Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parame…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3987

Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3985

The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted I…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3980

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3981

NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain argument…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2005-3982

CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3983

Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser h…

CVSS: 7.8CWE: N/A
Read more
2005-12-03
Medium

CVE-2005-3972

Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search paramet…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3977

Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3976

SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 S…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3975

Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPE…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2005-3974

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-3973

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and value…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3978

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrar…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3971

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3969

SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3968

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3967

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.q…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3966

Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3970

Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
2005-12-02
High

CVE-2005-3964

Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c an…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3963

SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.

CVSS: 7.5CWE: N/A
Read more
2005-12-01
Medium

CVE-2005-3962

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format strin…

CVSS: 4.6CWE: CWE-189
Read more
Medium

CVE-2005-3954

Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3948

Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3949

Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3950

nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2005-3951

SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3953

SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3960

Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3956

Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sorto…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2005-3957

Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2005-3958

SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3959

Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor para…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3961

export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3945

The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial o…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3947

Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3934

Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3944

SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3935

SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3943

Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3931

SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3932

SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3933

SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3930

SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3936

PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3937

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffe…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3938

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.p…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3939

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3940

SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3941

SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3942

SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3702

Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3705

Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vector…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3704

System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3701

Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2005-3700

Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2005-2757

Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs…

CVSS: 7.5CWE: N/A
Read more
2005-11-30
High

CVE-2005-3918

Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOT…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3929

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in th…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3928

Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2005-3927

Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng…

CVSS: 6.4CWE: N/A
Read more
High

CVE-2005-3926

Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADD…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3925

Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, an…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3924

SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3923

NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3922

Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2005-3921

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator v…

CVSS: 2.6CWE: N/A
Read more
High

CVE-2005-3920

SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3919

Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3912

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3917

SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3909

SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3916

SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3905

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbo…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3906

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3907

Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3904

Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrar…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3910

merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3911

Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3913

Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the f…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3914

Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemI…

CVSS: 6.4CWE: N/A
Read more
High

CVE-2005-3915

The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as…

CVSS: 7.5CWE: N/A
Read more
2005-11-29
Medium

CVE-2005-3902

Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via q…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3900

Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or cra…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3901

Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated usin…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3892

Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3899

The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be s…

CVSS: 5.4CWE: N/A
Read more
High

CVE-2005-3897

Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3896

Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3895

Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2005-3894

Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary w…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3893

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-2124

Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows…

CVSS: 7.6CWE: N/A
Read more
High

CVE-2005-3891

Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3889

Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large numb…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3888

Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3887

Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2)…

CVSS: 5.4CWE: N/A
Read more
High

CVE-2005-2123

Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows M…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3890

Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3886

Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certa…

CVSS: 7.2CWE: N/A
Read more
Low

CVE-2005-3885

The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2005-3879

Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3875

Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3876

Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang paramete…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3878

Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-3883

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3880

Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3882

SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3873

SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3884

Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3874

SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3870

Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.

CVSS: 7.5CWE: N/A
Read more
>