Количество 331 342
Количество 331 342
CVE-2005-3727
SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter.
CVE-2005-3726
SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter.
CVE-2005-3725
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
CVE-2005-3724
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
CVE-2005-3723
Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service.
CVE-2005-3722
The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.
CVE-2005-3721
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
CVE-2005-3720
The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.
CVE-2005-3719
Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.
CVE-2005-3718
UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication.
CVE-2005-3717
The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system.
CVE-2005-3716
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information.
CVE-2005-3715
Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service.
CVE-2005-3714
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
CVE-2005-3713
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
CVE-2005-3712
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
CVE-2005-3711
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
CVE-2005-3710
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
CVE-2005-3709
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
CVE-2005-3708
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2005-3727 SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | CVSS2: 7.5 | 4% Низкий | около 20 лет назад |
| CVE-2005-3726 SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter. | CVSS2: 7.5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3725 Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. | CVSS2: 6.4 | 1% Низкий | около 20 лет назад |
| CVE-2005-3724 Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | CVSS2: 6.4 | 2% Низкий | около 20 лет назад |
| CVE-2005-3723 Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service. | CVSS2: 7.5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3722 The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials. | CVSS2: 7.5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3721 The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. | CVSS2: 5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3720 The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. | CVSS2: 5 | 0% Низкий | около 20 лет назад |
| CVE-2005-3719 Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. | CVSS2: 4.6 | 0% Низкий | около 20 лет назад |
| CVE-2005-3718 UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication. | CVSS2: 7.5 | 2% Низкий | около 20 лет назад |
| CVE-2005-3717 The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system. | CVSS2: 7.5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3716 The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | CVSS3: 7.5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3715 Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service. | CVSS2: 7.5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3714 The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. | CVSS2: 5 | 1% Низкий | около 20 лет назад |
| CVE-2005-3713 Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. | CVSS2: 7.5 | 40% Средний | около 20 лет назад |
| CVE-2005-3712 Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes. | CVSS2: 6.5 | 4% Низкий | около 20 лет назад |
| CVE-2005-3711 Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. | CVSS2: 7.5 | 6% Низкий | около 20 лет назад |
| CVE-2005-3710 Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. | CVSS2: 7.5 | 32% Средний | около 20 лет назад |
| CVE-2005-3709 Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file. | CVSS2: 7.5 | 5% Низкий | около 20 лет назад |
| CVE-2005-3708 Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | CVSS2: 7.5 | 3% Низкий | около 20 лет назад |
Уязвимостей на страницу