Latest CVE Feed
-
7.5
HIGHCVE-2005-2160
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.... Read more
Affected Products : imail- EPSS Score: %1.00
- Published: Jul. 06, 2005
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2005-2136
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrar... Read more
- EPSS Score: %0.15
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2138
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.... Read more
Affected Products : comdev_ecommerce- EPSS Score: %0.33
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2091
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which... Read more
Affected Products : websphere_application_server- EPSS Score: %1.65
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2005-1917
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.... Read more
Affected Products : kpopper- EPSS Score: %0.08
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2089
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes II... Read more
Affected Products : internet_information_services- EPSS Score: %31.00
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2092
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes... Read more
Affected Products : weblogic_server- EPSS Score: %2.11
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2081
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.... Read more
Affected Products : asterisk- EPSS Score: %0.35
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2087
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CL... Read more
- EPSS Score: %65.27
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2109
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.... Read more
Affected Products : wordpress- EPSS Score: %1.08
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-1923
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to ... Read more
Affected Products : clamav- EPSS Score: %0.66
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2137
Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors.... Read more
Affected Products : nateon_messenger- EPSS Score: %0.39
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2140
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.... Read more
Affected Products : fsboard- EPSS Score: %3.05
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2082
im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter.... Read more
Affected Products : imtrset- EPSS Score: %0.48
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2005-1932
Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arb... Read more
Affected Products : lpanel- EPSS Score: %0.21
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2005-2146
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.... Read more
Affected Products : tectia_server- EPSS Score: %0.04
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2115
Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.... Read more
Affected Products : soldier_of_fortune_2- EPSS Score: %0.76
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-2086
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.... Read more
Affected Products : phpbb- EPSS Score: %84.84
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2005-2145
The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message.... Read more
Affected Products : prevx_pro_2005- EPSS Score: %0.06
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2085
Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command.... Read more
Affected Products : inframail_advantage- EPSS Score: %6.42
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025