Latest CVE Feed
-
4.6
MEDIUMCVE-2005-2146
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.... Read more
Affected Products : tectia_server- EPSS Score: %0.04
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1921
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch... Read more
- EPSS Score: %86.90
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2088
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Enc... Read more
- EPSS Score: %82.74
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2005-2144
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.... Read more
Affected Products : prevx_pro_2005- EPSS Score: %0.07
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2005-2142
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.... Read more
Affected Products : golden_ftp_server- EPSS Score: %0.15
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2115
Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.... Read more
Affected Products : soldier_of_fortune_2- EPSS Score: %0.76
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2081
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.... Read more
Affected Products : asterisk- EPSS Score: %0.35
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2092
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes... Read more
Affected Products : weblogic_server- EPSS Score: %2.11
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2019
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to... Read more
Affected Products : freebsd- EPSS Score: %0.22
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2139
PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter.... Read more
Affected Products : pavsta_auto_site- EPSS Score: %0.46
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2094
Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which cause... Read more
Affected Products : one_web_server- EPSS Score: %1.56
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2112
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.... Read more
Affected Products : xoops- EPSS Score: %0.56
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-2110
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an erro... Read more
Affected Products : wordpress- EPSS Score: %1.23
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2093
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length h... Read more
Affected Products : application_server- EPSS Score: %2.59
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-2111
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.... Read more
Affected Products : community_link_pro_web_editor- EPSS Score: %2.88
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-2113
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger... Read more
Affected Products : xoops- EPSS Score: %0.97
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2091
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which... Read more
Affected Products : websphere_application_server- EPSS Score: %1.65
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2005-1917
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.... Read more
Affected Products : kpopper- EPSS Score: %0.08
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-2089
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes II... Read more
Affected Products : internet_information_services- EPSS Score: %31.00
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2005-2136
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrar... Read more
- EPSS Score: %0.15
- Published: Jul. 05, 2005
- Modified: Apr. 03, 2025