CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2005-1748 DoS 2005-05-24 2018-10-30
5.0
None Remote Low Not required None None Partial
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
52 CVE-2005-1747 +Priv XSS 2005-05-24 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
53 CVE-2005-1746 DoS 2005-05-24 2018-10-30
5.0
None Remote Low Not required None None Partial
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.
54 CVE-2005-1745 2005-05-24 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
55 CVE-2005-1744 2005-05-24 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
56 CVE-2005-1743 2005-05-24 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
57 CVE-2005-1742 2005-05-24 2018-10-30
5.0
None Remote Low Not required None None Partial
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
58 CVE-2005-1741 DoS 2005-05-24 2008-09-05
5.0
None Remote Low Not required None None Partial
Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data.
59 CVE-2005-1740 Exec Code 2005-05-24 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
60 CVE-2005-1739 DoS 2005-05-24 2018-10-03
5.0
None Remote Low Not required None None Partial
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
61 CVE-2005-1738 Exec Code 2005-05-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call.
62 CVE-2005-1737 2005-05-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list.
63 CVE-2005-1736 2005-05-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended.
64 CVE-2005-1735 XSS 2005-05-24 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
65 CVE-2005-1734 Exec Code Sql 2005-05-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
66 CVE-2005-1733 2005-05-24 2016-10-17
5.0
None Remote Low Not required Partial None None
Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.
67 CVE-2005-1732 2005-05-24 2016-10-17
5.0
None Remote Low Not required Partial None None
Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi.
68 CVE-2005-1719 2005-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses.
69 CVE-2005-1718 DoS Overflow 2005-05-24 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname.
70 CVE-2005-1717 DoS 2005-05-24 2008-09-05
5.0
None Remote Low Not required None None Partial
ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets.
71 CVE-2005-1716 +Info 2005-05-24 2008-09-05
5.0
None Remote Low Not required Partial None None
TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses.
72 CVE-2005-1715 XSS 2005-05-24 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.
73 CVE-2005-1714 XSS 2005-05-24 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
74 CVE-2005-1713 XSS 2005-05-24 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
75 CVE-2005-1712 2005-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
76 CVE-2005-1711 2005-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
77 CVE-2005-1710 XSS 2005-05-24 2016-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
78 CVE-2005-1709 2005-05-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license.
79 CVE-2005-1708 +Priv 2005-05-24 2016-10-17
4.6
User Local Low Not required Partial Partial Partial
templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.
80 CVE-2005-1707 2005-05-24 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
81 CVE-2005-1706 Bypass 2005-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.
82 CVE-2005-1705 Exec Code 2005-05-24 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
83 CVE-2005-1704 189 Exec Code Overflow 2005-05-24 2018-10-19
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
84 CVE-2005-1703 DoS 2005-05-24 2016-10-17
5.0
None Remote Low Not required None None Partial
Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference.
85 CVE-2005-1702 Exec Code 2005-05-24 2016-10-17
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname.
86 CVE-2005-1701 Exec Code Sql 2005-05-24 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.
87 CVE-2005-1700 Exec Code Sql 2005-05-24 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.
88 CVE-2005-1699 Dir. Trav. 2005-05-24 2016-10-17
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.
89 CVE-2005-1698 +Info 2005-05-24 2016-10-17
5.0
None Remote Low Not required Partial None None
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.
90 CVE-2005-1697 +Info 2005-05-24 2016-10-17
5.0
None Remote Low Not required Partial None None
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.
91 CVE-2005-1696 XSS 2005-05-24 2016-10-17
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
92 CVE-2005-1695 XSS 2005-05-24 2016-10-17
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
93 CVE-2005-1694 Exec Code Sql 2005-05-24 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.
94 CVE-2005-1693 Overflow +Priv 2005-05-24 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
95 CVE-2005-1692 Exec Code 2005-05-24 2016-10-17
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.
96 CVE-2005-1688 +Info 2005-05-20 2016-10-17
5.0
None Remote Low Not required Partial None None
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
97 CVE-2005-1687 Exec Code Sql 2005-05-20 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
98 CVE-2005-1686 DoS 2005-05-20 2018-10-03
2.6
None Remote High Not required None None Partial
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
99 CVE-2005-1685 Bypass 2005-05-20 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.
100 CVE-2005-1684 XSS 2005-05-20 2016-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.
Total number of vulnerabilities : 1255   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.