CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2005

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2005-0957 Bypass 2005-03-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt.
2 CVE-2005-0950 Dir. Trav. 2005-03-29 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL.
3 CVE-2005-0946 Exec Code Sql 2005-03-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
4 CVE-2005-0943 DoS 2005-03-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
5 CVE-2005-0931 Exec Code File Inclusion 2005-03-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code.
6 CVE-2005-0924 XSS 2005-03-29 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword.
7 CVE-2005-0919 XSS 2005-03-29 2008-09-05
4.3
None Remote Medium Not required None Partial None
Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.
8 CVE-2005-0914 XSS 2005-03-26 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
9 CVE-2005-0912 2005-03-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
10 CVE-2005-0911 Exec Code Sql 2005-03-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
11 CVE-2005-0908 XSS 2005-03-28 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php.
12 CVE-2005-0900 +Info 2005-03-26 2008-09-05
5.0
None Remote Low Not required Partial None None
marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message.
13 CVE-2005-0898 XSS 2005-03-26 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter.
14 CVE-2005-0892 Exec Code Overflow 2005-03-28 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
15 CVE-2005-0889 XSS 2005-03-24 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
16 CVE-2005-0887 Exec Code 2005-03-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
17 CVE-2005-0883 XSS 2005-03-23 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page.
18 CVE-2005-0881 XSS 2005-03-23 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter.
19 CVE-2005-0878 XSS 2005-03-23 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message).
20 CVE-2005-0799 DoS 2005-03-15 2008-09-05
5.0
None Remote Low Not required None None Partial
MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.
21 CVE-2005-0798 2005-03-15 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.
22 CVE-2005-0797 200 +Info 2005-03-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
23 CVE-2005-0795 2005-03-14 2008-09-05
5.0
None Remote Low Not required None Partial None
HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.
24 CVE-2005-0794 DoS 2005-03-15 2008-09-05
6.4
None Remote Low Not required None Partial Partial
ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php.
25 CVE-2005-0793 Exec Code File Inclusion 2005-03-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.
26 CVE-2005-0792 Exec Code Sql 2005-03-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php.
27 CVE-2005-0791 XSS 2005-03-14 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter.
28 CVE-2005-0790 +Info 2005-03-14 2008-09-05
5.0
None Remote Low Not required Partial None None
phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message.
29 CVE-2005-0789 Dir. Trav. 2005-03-14 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request.
30 CVE-2005-0788 2005-03-14 2008-09-05
5.0
None Remote Low Not required Partial None None
LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.
31 CVE-2005-0786 Exec Code Sql 2005-03-14 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php.
32 CVE-2005-0780 +Info 2005-03-12 2008-09-05
5.0
None Remote Low Not required Partial None None
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
33 CVE-2005-0774 Exec Code Sql 2005-03-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter.
34 CVE-2005-0767 Exec Code 2005-03-15 2010-08-21
6.9
Admin Local Medium Not required Complete Complete Complete
Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root.
35 CVE-2005-0765 DoS 2005-03-12 2010-08-21
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
36 CVE-2005-0761 DoS 2005-03-23 2010-08-21
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
37 CVE-2005-0759 DoS 2005-03-23 2010-08-21
5.0
None Remote Low Not required None None Partial
ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
38 CVE-2005-0750 +Priv 2005-03-27 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
39 CVE-2005-0748 94 Exec Code File Inclusion 2005-03-10 2011-08-23
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
40 CVE-2005-0747 +Info 2005-03-08 2008-09-05
5.0
None Remote Low Not required Partial None None
ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp.
41 CVE-2005-0745 Bypass 2005-03-09 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset.
42 CVE-2005-0741 XSS 2005-03-08 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
43 CVE-2005-0736 Overflow 2005-03-09 2010-08-21
2.1
None Local Low Not required None Partial None
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
44 CVE-2005-0731 DoS 2005-03-10 2008-09-05
5.0
None Remote Low Not required None None Partial
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html.
45 CVE-2005-0725 Exec Code Sql 2005-03-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
46 CVE-2005-0723 XSS 2005-03-08 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.
47 CVE-2005-0722 2005-03-07 2008-09-05
5.0
None Remote Low Not required Partial None None
eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message.
48 CVE-2005-0720 94 Exec Code File Inclusion 2005-03-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
49 CVE-2005-0719 DoS 2005-03-09 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd.
50 CVE-2005-0716 Exec Code Overflow 2005-03-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
Total number of vulnerabilities: 164 (page 1 of 4)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.