CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2005-1290 XSS 2005-05-02 2016-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
452 CVE-2005-1289 Exec Code 2005-05-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
453 CVE-2005-1288 +Priv 2005-05-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.
454 CVE-2005-1286 2005-05-02 2016-10-17
1.2
None Local High Not required None None Partial
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
455 CVE-2005-1284 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.
456 CVE-2005-1282 XSS 2005-05-02 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface.
457 CVE-2005-1280 DoS 2005-05-02 2018-10-19
5.0
None Remote Low Not required None None Partial
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
458 CVE-2005-1279 DoS 2005-05-02 2018-10-19
5.0
None Remote Low Not required None None Partial
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
459 CVE-2005-1278 DoS 2005-05-02 2018-10-19
5.0
None Remote Low Not required None None Partial
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
460 CVE-2005-1264 2005-05-17 2018-10-19
7.2
Admin Local Low Not required Complete Complete Complete
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
461 CVE-2005-1263 Exec Code Overflow 2005-05-11 2018-10-19
7.2
Admin Local Low Not required Complete Complete Complete
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
462 CVE-2005-1262 DoS 2005-05-11 2018-10-19
5.0
None Remote Low Not required None None Partial
Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.
463 CVE-2005-1261 Exec Code Overflow 2005-05-11 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
464 CVE-2005-1260 DoS 2005-05-19 2018-10-03
5.0
None Remote Low Not required None None Partial
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
465 CVE-2005-1256 Exec Code Overflow 2005-05-25 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
466 CVE-2005-1255 Exec Code Overflow 2005-05-25 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
467 CVE-2005-1254 DoS Overflow 2005-05-25 2008-11-15
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.
468 CVE-2005-1252 Dir. Trav. 2005-05-25 2008-11-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
469 CVE-2005-1249 DoS 2005-05-25 2008-11-15
5.0
None Remote Low Not required None None Partial
The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
470 CVE-2005-1248 Exec Code Overflow 2005-05-16 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
471 CVE-2005-1245 XSS 2005-05-02 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
472 CVE-2005-1243 Dir. Trav. 2005-05-02 2017-07-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
473 CVE-2005-1242 Dir. Trav. 2005-05-02 2017-07-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
474 CVE-2005-1239 Dir. Trav. 2005-05-02 2017-07-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
475 CVE-2005-1238 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
476 CVE-2005-1237 Exec Code Sql 2005-05-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
477 CVE-2005-1236 Exec Code Sql 2005-05-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
478 CVE-2005-1235 +Info 2005-05-02 2008-09-05
5.0
None Remote Low Not required Partial None None
auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message.
479 CVE-2005-1234 Exec Code Sql 2005-05-02 2018-10-19
5.0
None Remote Low Not required None Partial None
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php.
480 CVE-2005-1232 Exec Code Overflow 2005-05-02 2016-11-28
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.
481 CVE-2005-1231 XSS 2005-05-02 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.
482 CVE-2005-1230 Dir. Trav. 2005-05-02 2016-10-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request.
483 CVE-2005-1229 Dir. Trav. 2005-05-02 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
484 CVE-2005-1228 Dir. Trav. 2005-05-02 2017-10-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
485 CVE-2005-1226 +Info 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
486 CVE-2005-1225 Exec Code Sql 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.
487 CVE-2005-1224 Exec Code Sql 2005-05-02 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
488 CVE-2005-1223 Exec Code Sql 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field.
489 CVE-2005-1222 Exec Code 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php.
490 CVE-2005-1221 Exec Code Sql 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field.
491 CVE-2005-1220 +Info 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.
492 CVE-2005-1204 DoS 2005-05-02 2016-10-17
5.0
None Remote Low Not required None None Partial
Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access.
493 CVE-2005-1203 Exec Code Sql 2005-05-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
494 CVE-2005-1202 XSS 2005-05-02 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
495 CVE-2005-1201 Dir. Trav. 2005-05-02 2017-07-10
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
496 CVE-2005-1200 Exec Code File Inclusion 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.
497 CVE-2005-1199 Exec Code Sql 2005-05-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter.
498 CVE-2005-1198 Dir. Trav. 2005-05-02 2016-10-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter.
499 CVE-2005-1197 Exec Code Sql 2005-05-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.
500 CVE-2005-1196 Exec Code Sql +Info 2005-05-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.
Total number of vulnerabilities : 1255   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.