CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-0002 2005-05-02 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
2 CVE-2005-0011 Exec Code Overflow 2005-05-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
3 CVE-2005-0050 20 DoS Exec Code 2005-05-02 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."
4 CVE-2005-0059 Exec Code Overflow 2005-05-02 2019-04-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
5 CVE-2005-0065 DoS 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
6 CVE-2005-0194 Bypass 2005-05-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
7 CVE-2005-0260 Exec Code Overflow 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
8 CVE-2005-0339 DoS Exec Code Overflow 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL FROM command.
9 CVE-2005-0353 Exec Code Overflow 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.
10 CVE-2005-0491 Exec Code Overflow 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
11 CVE-2005-0551 Overflow +Priv 2005-05-02 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
12 CVE-2005-0582 Exec Code Overflow 2005-05-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.
13 CVE-2005-0635 Exec Code Overflow 2005-05-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.
14 CVE-2005-0708 +Info 2005-05-02 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.
15 CVE-2005-0735 264 +Priv 2005-05-02 2009-04-03
10.0
Admin Remote Low Not required Complete Complete Complete
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
16 CVE-2005-0744 +Priv +Info 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.
17 CVE-2005-0768 Exec Code Overflow 2005-05-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.
18 CVE-2005-0836 +Priv 2005-05-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
19 CVE-2005-0855 +Info 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message.
20 CVE-2005-0927 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
21 CVE-2005-1009 Exec Code Overflow 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.
22 CVE-2005-1015 Exec Code Overflow 2005-05-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
23 CVE-2005-1037 +Priv 2005-05-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
24 CVE-2005-1069 2005-05-02 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page."
25 CVE-2005-1131 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact.
26 CVE-2005-1177 2005-05-02 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
27 CVE-2005-1255 Exec Code Overflow 2005-05-25 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
28 CVE-2005-1256 Exec Code Overflow 2005-05-25 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
29 CVE-2005-1365 Exec Code 2005-05-16 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
30 CVE-2005-1415 Exec Code Overflow 2005-05-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
31 CVE-2005-1449 2005-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
32 CVE-2005-1452 2005-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
33 CVE-2005-1559 Exec Code 2005-05-11 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.
34 CVE-2005-1560 Exec Code 2005-05-11 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute.
35 CVE-2005-1596 Exec Code Bypass 2005-05-16 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
36 CVE-2005-1693 Overflow +Priv 2005-05-24 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
37 CVE-2005-1738 Exec Code 2005-05-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call.
38 CVE-2005-1740 Exec Code 2005-05-24 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
39 CVE-2005-0209 20 DoS 2005-05-02 2017-10-10
7.8
None Remote Low Not required None None Complete
Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.
40 CVE-2005-0893 Exec Code 2005-05-02 2016-10-17
7.6
Admin Remote High Not required Complete Complete Complete
modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc.
41 CVE-2005-0970 2005-05-02 2009-10-14
7.6
Admin Remote High Not required Complete Complete Complete
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.
42 CVE-2005-0005 Exec Code Overflow 2005-05-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
43 CVE-2005-0012 Exec Code 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.
44 CVE-2005-0014 Exec Code Overflow 2005-05-02 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.
45 CVE-2005-0015 Exec Code 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
46 CVE-2005-0043 Exec Code Overflow 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
47 CVE-2005-0044 Exec Code 2005-05-02 2019-04-30
7.5
User Remote Low Not required Partial Partial Partial
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."
48 CVE-2005-0045 Exec Code 2005-05-02 2019-04-30
7.5
User Remote Low Not required Partial Partial Partial
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
49 CVE-2005-0048 DoS Exec Code 2005-05-02 2019-04-30
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
50 CVE-2005-0051 +Info 2005-05-02 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."
Total number of vulnerabilities : 1255   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.