Full List

Search

Recent Vulnerabilities

• CVE-2005-1485 • published on May 11, 2005 Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.
• CVE-2005-1488 • published on May 11, 2005 Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html.
• CVE-2005-1498 • published on May 11, 2005 Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
• CVE-2005-1499 • published on May 11, 2005 delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.
• CVE-2005-1505 • published on May 11, 2005 The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
• CVE-2005-1507 • published on May 11, 2005 Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
• CVE-2005-1512 • published on May 11, 2005 The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files.
• CVE-2005-1517 • published on May 11, 2005 Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).
• CVE-2005-1518 • published on May 11, 2005 Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
• CVE-2005-1483 • published on May 11, 2005 Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
• CVE-2005-1484 • published on May 11, 2005 Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.
• CVE-2005-1492 • published on May 11, 2005 Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
• CVE-2005-1495 • published on May 11, 2005 Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.
• CVE-2005-1497 • published on May 11, 2005 index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.
• CVE-2005-1509 • published on May 11, 2005 SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
• CVE-2005-1510 • published on May 11, 2005 PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.
• CVE-2005-1516 • published on May 11, 2005 DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
• CVE-2005-1513 • published on May 11, 2005 Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
• CVE-2003-1146 • published on May 10, 2005 Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
• CVE-2003-1170 • published on May 10, 2005 Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.