- CVE-2005-1394 • published on May 2, 2005
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.
- CVE-2005-1398 • published on May 2, 2005
phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected.
- CVE-2005-1062 • published on April 29, 2005
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods.
- CVE-2005-1063 • published on April 29, 2005
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations."
- CVE-2005-1270 • published on April 28, 2005
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2005-1348 • published on April 28, 2005
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
- CVE-2005-1349 • published on April 28, 2005
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.
- CVE-2005-1353 • published on April 28, 2005
The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
- CVE-2005-1347 • published on April 28, 2005
** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, due to the lack of details in the original advisory, an independent verification is not possible. Finally, the reliability of the original reporter is unknown. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example of the newly defined UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is highly likely that this item will be REJECTED.
- CVE-2005-1350 • published on April 28, 2005
The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
- CVE-2005-1351 • published on April 28, 2005
The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
- CVE-2005-1345 • published on April 28, 2005
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
- CVE-2005-1356 • published on April 28, 2005
Cross-site scripting (XSS) vulnerability in includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument.
- CVE-2005-1346 • published on April 28, 2005
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allow remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
- CVE-2005-1352 • published on April 28, 2005
Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
- CVE-2005-1354 • published on April 28, 2005
The forum.pl script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
- CVE-2005-1355 • published on April 28, 2005
includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801.
- CVE-2005-1358 • published on April 28, 2005
The text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
- CVE-2005-1357 • published on April 28, 2005
The text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
- CVE-2005-1359 • published on April 28, 2005
Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.