CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
17201 CVE-2005-2530 +Priv 2005-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
17202 CVE-2005-2529 +Priv 2005-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."
17203 CVE-2005-2511 2005-08-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
17204 CVE-2005-2425 Exec Code Overflow 2005-08-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.
17205 CVE-2005-2420 Exec Code 2005-08-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.
17206 CVE-2005-2368 78 Exec Code 2005-07-26 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
17207 CVE-2005-2334 Exec Code 2005-07-20 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi.
17208 CVE-2005-2310 119 Exec Code Overflow 2005-07-19 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
17209 CVE-2005-2290 Exec Code 2005-07-18 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
17210 CVE-2005-2286 +Priv 2005-07-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
17211 CVE-2005-2277 Exec Code 2005-07-15 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
17212 CVE-2005-2259 Exec Code 2005-07-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
17213 CVE-2005-2257 +Priv 2005-07-13 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
17214 CVE-2005-2249 File Inclusion 2005-07-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
17215 CVE-2005-2247 2005-07-12 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
17216 CVE-2005-2222 2005-07-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
17217 CVE-2005-2149 +Priv Sql 2005-07-06 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
17218 CVE-2005-2122 Exec Code Overflow 2005-10-21 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
17219 CVE-2005-2023 2005-06-17 2016-12-20
10.0
None Remote Low Not required Complete Complete Complete
The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.
17220 CVE-2005-2017 +Priv 2005-08-30 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
17221 CVE-2005-1983 Exec Code Overflow +Priv 2005-08-10 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
17222 CVE-2005-1924 Exec Code 2005-12-31 2018-10-19
9.3
None Remote Medium Not required Complete Complete Complete
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.
17223 CVE-2005-1897 2005-06-09 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.
17224 CVE-2005-1851 Exec Code 2005-07-19 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors.
17225 CVE-2005-1850 2005-07-19 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.
17226 CVE-2005-1812 119 Exec Code Overflow 2005-06-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.
17227 CVE-2005-1740 Exec Code 2005-05-24 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
17228 CVE-2005-1738 Exec Code 2005-05-24 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call.
17229 CVE-2005-1730 1 DoS 2005-12-31 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.
17230 CVE-2005-1693 Overflow +Priv 2005-05-24 2021-04-09
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
17231 CVE-2005-1596 Exec Code Bypass 2005-05-16 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
17232 CVE-2005-1560 Exec Code 2005-05-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute.
17233 CVE-2005-1559 Exec Code 2005-05-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.
17234 CVE-2005-1452 2005-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
17235 CVE-2005-1449 2005-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
17236 CVE-2005-1415 Exec Code Overflow 2005-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
17237 CVE-2005-1365 Exec Code 2005-05-16 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
17238 CVE-2005-1299 Exec Code 2005-04-25 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
17239 CVE-2005-1274 Exec Code Overflow 2005-04-26 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
17240 CVE-2005-1256 Exec Code Overflow 2005-05-25 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
17241 CVE-2005-1255 Exec Code Overflow 2005-05-25 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
17242 CVE-2005-1246 DoS Exec Code 2005-04-24 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
17243 CVE-2005-1208 Exec Code Overflow 2005-06-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
17244 CVE-2005-1177 2005-05-02 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
17245 CVE-2005-1131 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact.
17246 CVE-2005-1099 Exec Code Overflow 2005-04-12 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
17247 CVE-2005-1069 2005-05-02 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page."
17248 CVE-2005-1037 +Priv 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
17249 CVE-2005-1015 Exec Code Overflow 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
17250 CVE-2005-1009 Exec Code Overflow 2005-05-02 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.