Full List

Search

Recent Vulnerabilities

• CVE-2005-0420 • published on February 15, 2005 Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
• CVE-2005-0428 • published on February 15, 2005 The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
• CVE-2005-0431 • published on February 15, 2005 Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.
• CVE-2005-0432 • published on February 15, 2005 BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
• CVE-2005-0435 • published on February 15, 2005 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
• CVE-2005-0436 • published on February 15, 2005 Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.
• CVE-2005-0440 • published on February 15, 2005 ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.
• CVE-2005-0441 • published on February 15, 2005 Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.
• CVE-2005-0443 • published on February 15, 2005 index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
• CVE-2005-0445 • published on February 15, 2005 Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
• CVE-2005-0447 • published on February 15, 2005 Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.
• CVE-2005-0421 • published on February 15, 2005 DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
• CVE-2005-0423 • published on February 15, 2005 SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field.
• CVE-2005-0424 • published on February 15, 2005 Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730.
• CVE-2005-0425 • published on February 15, 2005 Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine.
• CVE-2005-0427 • published on February 15, 2005 The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
• CVE-2005-0429 • published on February 15, 2005 Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
• CVE-2005-0437 • published on February 15, 2005 Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.
• CVE-2005-0442 • published on February 15, 2005 Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.
• CVE-2005-0419 • published on February 15, 2005 Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.