Full List

Search

Recent Vulnerabilities

• CVE-2005-0805 • published on March 20, 2005 SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.
• CVE-2005-0806 • published on March 20, 2005 Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.
• CVE-2005-0810 • published on March 20, 2005 SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL.
• CVE-2005-0812 • published on March 20, 2005 The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.
• CVE-2005-0815 • published on March 20, 2005 Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
• CVE-2005-0818 • published on March 20, 2005 Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
• CVE-2005-0819 • published on March 20, 2005 The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.
• CVE-2005-0820 • published on March 20, 2005 Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
• CVE-2001-1415 • published on March 18, 2005 vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
• CVE-2005-0210 • published on March 18, 2005 Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.
• CVE-2005-0209 • published on March 18, 2005 Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.
• CVE-2005-0384 • published on March 18, 2005 Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
• CVE-2005-0515 • published on March 18, 2005 Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files.
• CVE-2005-0396 • published on March 18, 2005 Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."
• CVE-2005-0765 • published on March 18, 2005 Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
• CVE-2005-0767 • published on March 18, 2005 Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root.
• CVE-2005-0769 • published on March 18, 2005 Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.
• CVE-2005-0766 • published on March 18, 2005 Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).
• CVE-2005-0768 • published on March 18, 2005 Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.
• CVE-2005-0770 • published on March 18, 2005 Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a dynamic link library (DLL) name.