Full List

Search

Recent Vulnerabilities

• CVE-2005-0590 • published on February 28, 2005 The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
• CVE-2005-0574 • published on February 27, 2005 Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL.
• CVE-2005-0580 • published on February 27, 2005 cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.
• CVE-2005-0576 • published on February 27, 2005 Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
• CVE-2005-0567 • published on February 27, 2005 Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
• CVE-2005-0566 • published on February 27, 2005 Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command.
• CVE-2005-0568 • published on February 27, 2005 Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.
• CVE-2005-0570 • published on February 27, 2005 profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL.
• CVE-2005-0573 • published on February 27, 2005 Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.
• CVE-2005-0569 • published on February 27, 2005 Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
• CVE-2005-0572 • published on February 27, 2005 index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.
• CVE-2005-0575 • published on February 27, 2005 Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
• CVE-2005-0565 • published on February 27, 2005 The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.
• CVE-2005-0571 • published on February 27, 2005 admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter.
• CVE-2005-0577 • published on February 27, 2005 Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files.
• CVE-2005-0578 • published on February 27, 2005 Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
• CVE-2005-0579 • published on February 27, 2005 nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication.
• CVE-2003-1087 • published on February 26, 2005 Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.
• CVE-2004-1709 • published on February 26, 2005 Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
• CVE-2004-1710 • published on February 26, 2005 page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.