Full List

Search

Recent Vulnerabilities

• CVE-2005-1626 • published on May 17, 2005 Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.
• CVE-2005-1638 • published on May 17, 2005 The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection.
• CVE-2005-1639 • published on May 17, 2005 SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields.
• CVE-2005-1629 • published on May 17, 2005 SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.
• CVE-2005-1632 • published on May 17, 2005 Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.
• CVE-2005-1637 • published on May 17, 2005 Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php.
• CVE-2005-1641 • published on May 17, 2005 mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.
• CVE-2005-1307 • published on May 17, 2005 The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
• CVE-2005-1264 • published on May 17, 2005 Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
• CVE-2005-1589 • published on May 17, 2005 The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
• CVE-2005-1631 • published on May 17, 2005 booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs.
• CVE-2005-1635 • published on May 17, 2005 JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to (1) jgs_portal_ref.php, (2) jgs_portal_land.php, (3) jgs_portal_log.php, (4) jgs_portal_global_sponsor.php, (5) jgs_portal_global.php, (6) jgs_portal_system.php, (7) jgs_portal_views.php; or multiple files in the jgs_portal_include directory, including (8) jgs_portal_boardmenue.php, (9) jgs_portal_forenliste.php, (10) jgs_portal_geburtstag.php, (11) jgs_portal_guckloch.php, (12) jgs_portal_kalender.php, (13) jgs_portal_letztethemen.php, (14) jgs_portal_links.php, (15) jgs_portal_neustemember.php, (16) jgs_portal_newsboard.php, (17) jgs_portal_online.php, (18) jgs_portal_pn.php, (19) jgs_portal_portalmenue.php, (20) jgs_portal_styles.php, (21) jgs_portal_suchen.php, (22) jgs_portal_team.php, (23) jgs_portal_topforen.php, (24) jgs_portal_topposter.php, (25) jgs_portal_umfrage.php, (26) jgs_portal_useravatar.php, (27) jgs_portal_waronline.php, (28) jgs_portal_woonline.php, or (29) jgs_portal_zufallsavatar.php.
• CVE-2005-1643 • published on May 17, 2005 The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read.
• CVE-2005-1628 • published on May 17, 2005 apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
• CVE-2005-1630 • published on May 17, 2005 Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors.
• CVE-2005-1634 • published on May 17, 2005 Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php. NOTE: this issue may stem from the same core problem as CVE-2005-1633.
• CVE-2005-1636 • published on May 17, 2005 mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
• CVE-2005-1642 • published on May 17, 2005 SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
• CVE-2005-1627 • published on May 17, 2005 Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact.
• CVE-2005-1633 • published on May 17, 2005 Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, 2) year parameter to (jgs_portal_statistik.php, 3) year parameter to (jgs_portal_beitraggraf.php, 4) tag parameter to (jgs_portal_viewsgraf.php, 5) year parameter to (jgs_portal_themengraf.php, 6) year parameter to (jgs_portal_mitgraf.php, 7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php.