-
CVE-2005-1079
•
published on April 12, 2005
SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
-
CVE-2005-1080
•
published on April 12, 2005
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
-
CVE-2005-1082
•
published on April 12, 2005
Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php.
-
CVE-2005-1046
•
published on April 12, 2005
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
-
CVE-2005-1047
•
published on April 12, 2005
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
-
CVE-2005-1049
•
published on April 12, 2005
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
-
CVE-2005-1053
•
published on April 12, 2005
Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.
-
CVE-2005-1055
•
published on April 12, 2005
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
-
CVE-2005-1064
•
published on April 12, 2005
The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files.
-
CVE-2005-1070
•
published on April 12, 2005
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
-
CVE-2005-1078
•
published on April 12, 2005
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
-
CVE-2005-1018
•
published on April 12, 2005
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field.
-
CVE-2005-1045
•
published on April 12, 2005
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
-
CVE-2005-1056
•
published on April 12, 2005
Unknown vulnerability in HP OpenView Network Node Manager (NNM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service.
-
CVE-2005-1059
•
published on April 12, 2005
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
-
CVE-2005-1067
•
published on April 12, 2005
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".
-
CVE-2005-1071
•
published on April 12, 2005
SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter.
-
CVE-2005-1074
•
published on April 12, 2005
SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
-
CVE-2005-1041
•
published on April 12, 2005
The fib_seq_start function in fib_hash.c in the Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.
-
CVE-2005-1042
•
published on April 12, 2005
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.