Search Results (Refine Search)

Search Parameters:
There are 143,210 matching records.
Displaying matches 129,361 through 129,380.
Vuln ID Summary CVSS Severity
CVE-2005-3411

Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method.

Published: November 01, 2005; 3:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2005-3412

Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.

Published: November 01, 2005; 3:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2005-3413

Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter.

Published: November 01, 2005; 3:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2005-3414

eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials.

Published: November 01, 2005; 3:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-2739

Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2005-2749

Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2005-2750

Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2005-2751

memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2005-2752

An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2005-2977

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2005-3313

The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop).

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-3387

The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2005-3388

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2005-3389

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-3390

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-3391

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-3392

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-3393

Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-3394

Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-3395

SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.

Published: November 01, 2005; 7:47:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH