CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-1983 Exec Code Overflow +Priv 2005-08-10 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
2 CVE-2005-2017 +Priv 2005-08-30 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
3 CVE-2005-2420 Exec Code 2005-08-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.
4 CVE-2005-2425 Exec Code Overflow 2005-08-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.
5 CVE-2005-2511 2005-08-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
6 CVE-2005-2541 +Priv 2005-08-10 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
7 CVE-2005-2593 2005-08-17 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors.
8 CVE-2005-2611 2005-08-17 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.
9 CVE-2005-2626 2005-08-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID.
10 CVE-2005-2655 +Priv 2005-08-30 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
11 CVE-2005-2668 Exec Code Overflow 2005-08-23 2017-11-22
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
12 CVE-2005-2669 Exec Code 2005-08-23 2017-11-21
10.0
Admin Remote Low Not required Complete Complete Complete
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
13 CVE-2005-2679 Exec Code Overflow 2005-08-23 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process.
14 CVE-2005-2572 DoS Exec Code 2005-08-16 2017-07-10
8.5
Admin Remote Medium Single system Complete Complete Complete
MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.
15 CVE-2005-2501 Exec Code Overflow 2005-08-19 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
16 CVE-2005-0058 Exec Code Overflow 2005-08-10 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
17 CVE-2005-0357 +Priv Bypass 2005-08-23 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
18 CVE-2005-0358 +Priv 2005-08-23 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
19 CVE-2005-1272 Exec Code Overflow 2005-08-05 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
20 CVE-2005-1854 Exec Code 2005-08-05 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.
21 CVE-2005-1984 Exec Code Overflow 2005-08-10 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
22 CVE-2005-1989 Exec Code +Info 2005-08-10 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
23 CVE-2005-2079 Exec Code Overflow 2005-08-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.
24 CVE-2005-2103 DoS Exec Code Overflow 2005-08-16 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
25 CVE-2005-2127 119 DoS Exec Code Overflow Mem. Corr. 2005-08-19 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
26 CVE-2005-2346 Exec Code Overflow 2005-08-03 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.
27 CVE-2005-2367 +Priv 2005-08-10 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.
28 CVE-2005-2409 Exec Code 2005-08-01 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
29 CVE-2005-2410 Exec Code 2005-08-01 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.
30 CVE-2005-2415 Exec Code Sql 2005-08-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module.
31 CVE-2005-2419 Bypass 2005-08-03 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg.
32 CVE-2005-2421 Exec Code Sql 2005-08-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter.
33 CVE-2005-2424 2005-08-03 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze.
34 CVE-2005-2432 Sql 2005-08-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
35 CVE-2005-2439 Exec Code Sql 2005-08-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.
36 CVE-2005-2440 Exec Code Sql 2005-08-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter.
37 CVE-2005-2445 Exec Code Sql 2005-08-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter.
38 CVE-2005-2450 Overflow +Priv 2005-08-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
39 CVE-2005-2470 DoS Exec Code Overflow 2005-08-16 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
40 CVE-2005-2471 Exec Code 2005-08-05 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
41 CVE-2005-2473 Exec Code Sql 2005-08-05 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
42 CVE-2005-2478 Exec Code Sql 2005-08-05 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel.
43 CVE-2005-2483 Exec Code 2005-08-07 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.
44 CVE-2005-2484 Exec Code Overflow 2005-08-07 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code.
45 CVE-2005-2486 Exec Code Sql 2005-08-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php with the affiche parameter set to "Forum-read_mess", a different vulnerability than CVE-2005-1701.
46 CVE-2005-2489 +Priv 2005-08-07 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php.
47 CVE-2005-2491 Exec Code Overflow 2005-08-23 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
48 CVE-2005-2500 DoS Exec Code Overflow 2005-08-08 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol.
49 CVE-2005-2505 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
50 CVE-2005-2507 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
Total number of vulnerabilities : 322   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.