Full List

Search

Recent Vulnerabilities

• CVE-2005-0630 • published on March 4, 2005 sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.
• CVE-2005-0637 • published on March 4, 2005 The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.
• CVE-2005-0646 • published on March 4, 2005 SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.
• CVE-2005-0605 • published on March 4, 2005 scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
• CVE-2005-0629 • published on March 4, 2005 Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
• CVE-2005-0633 • published on March 4, 2005 Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
• CVE-2005-0634 • published on March 4, 2005 Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
• CVE-2005-0635 • published on March 4, 2005 Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.
• CVE-2005-0640 • published on March 4, 2005 Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
• CVE-2005-0642 • published on March 4, 2005 SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.
• CVE-2005-0649 • published on March 4, 2005 Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities."
• CVE-2005-0613 • published on March 3, 2005 Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
• CVE-2005-0626 • published on March 3, 2005 Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
• CVE-2005-0614 • published on March 3, 2005 sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
• CVE-2005-0620 • published on March 2, 2005 Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
• CVE-2004-0429 • published on March 2, 2005 Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.
• CVE-2004-0428 • published on March 2, 2005 Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.
• CVE-2005-0618 • published on March 2, 2005 The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network.
• CVE-2005-0623 • published on March 2, 2005 Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL.
• CVE-2005-0455 • published on March 2, 2005 Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.