Full List

Search

Recent Vulnerabilities

• CVE-2005-0952 • published on April 3, 2005 Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
• CVE-2005-0953 • published on April 3, 2005 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
• CVE-2005-0956 • published on April 3, 2005 Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter.
• CVE-2005-0961 • published on April 3, 2005 Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
• CVE-2005-0963 • published on April 3, 2005 An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges.
• CVE-2005-0964 • published on April 3, 2005 Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions.
• CVE-2005-0962 • published on April 3, 2005 SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action.
• CVE-2005-0891 • published on April 1, 2005 Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
• CVE-2005-0386 • published on March 31, 2005 Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages.
• CVE-2005-0938 • published on March 30, 2005 Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb.
• CVE-2005-0937 • published on March 30, 2005 Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.
• CVE-2005-0921 • published on March 29, 2005 Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
• CVE-2005-0763 • published on March 29, 2005 Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.
• CVE-2005-0892 • published on March 29, 2005 Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
• CVE-2005-0893 • published on March 29, 2005 modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc.
• CVE-2005-0899 • published on March 29, 2005 AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
• CVE-2005-0900 • published on March 29, 2005 marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message.
• CVE-2005-0902 • published on March 29, 2005 SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter.
• CVE-2005-0906 • published on March 29, 2005 Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code.
• CVE-2005-0908 • published on March 29, 2005 Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php.