Количество 331 878
Количество 331 878
CVE-2005-0959
Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path.
CVE-2005-0958
Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command.
CVE-2005-0957
Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt.
CVE-2005-0956
Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter.
CVE-2005-0955
SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter.
CVE-2005-0954
Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file.
CVE-2005-0953
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
CVE-2005-0952
Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2005-0951
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users should not reference this candidate at all
CVE-2005-0950
Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL.
CVE-2005-0949
Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter.
CVE-2005-0948
SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.
CVE-2005-0947
Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter.
CVE-2005-0946
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
CVE-2005-0945
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.
CVE-2005-0944
Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.
CVE-2005-0943
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
CVE-2005-0942
The XP Server process (xp_server) in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x before 12.5.3 ESD#1 allows attackers to cause a denial of service (process crash) via malformed data sent to the XP Server TCP port.
CVE-2005-0941
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
CVE-2005-0940
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0490. Reason: This candidate was inadvertently referenced in a vendor advisory due to a typo. Notes: All CVE users should reference CVE-2005-0490 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2005-0959 Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path. | CVSS2: 7.5 | 4% Низкий | почти 21 год назад |
| CVE-2005-0958 Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command. | CVSS2: 7.5 | 6% Низкий | почти 21 год назад |
| CVE-2005-0957 Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-0956 Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter. | CVSS2: 7.5 | 0% Низкий | почти 21 год назад |
| CVE-2005-0955 SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-0954 Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. | CVSS2: 5 | 24% Средний | почти 21 год назад |
| CVE-2005-0953 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | CVSS2: 3.7 | 0% Низкий | почти 21 год назад |
| CVE-2005-0952 Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | CVSS2: 5 | 4% Низкий | почти 21 год назад |
| CVE-2005-0951 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users should not reference this candidate at all | почти 21 год назад | ||
| CVE-2005-0950 Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL. | CVSS2: 5 | 8% Низкий | почти 21 год назад |
| CVE-2005-0949 Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter. | CVSS2: 4.3 | 1% Низкий | почти 21 год назад |
| CVE-2005-0948 SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter. | CVSS2: 7.5 | 2% Низкий | почти 21 год назад |
| CVE-2005-0947 Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter. | CVSS2: 7.5 | 0% Низкий | почти 21 год назад |
| CVE-2005-0946 SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page. | CVSS2: 7.5 | 0% Низкий | почти 21 год назад |
| CVE-2005-0945 Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. | CVSS2: 4.3 | 1% Низкий | почти 21 год назад |
| CVE-2005-0944 Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file. | CVSS2: 7.5 | 44% Средний | почти 21 год назад |
| CVE-2005-0943 Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet. | CVSS2: 5 | 1% Низкий | почти 21 год назад |
| CVE-2005-0942 The XP Server process (xp_server) in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x before 12.5.3 ESD#1 allows attackers to cause a denial of service (process crash) via malformed data sent to the XP Server TCP port. | CVSS2: 5 | 1% Низкий | почти 21 год назад |
| CVE-2005-0941 The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. | CVSS2: 5.1 | 3% Низкий | почти 21 год назад |
| CVE-2005-0940 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0490. Reason: This candidate was inadvertently referenced in a vendor advisory due to a typo. Notes: All CVE users should reference CVE-2005-0490 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | почти 21 год назад |
Уязвимостей на страницу