CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2005-0286 +Info 2005-05-02 2017-07-10
5.0
None Remote Low Not required Partial None None
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.
1102 CVE-2005-0285 +Priv 2005-05-02 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.
1103 CVE-2005-0282 Exec Code Sql 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
1104 CVE-2005-0281 XSS 2005-05-02 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs.
1105 CVE-2005-0279 DoS 2005-05-02 2017-07-10
5.0
None Remote Low Not required None None Partial
Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet.
1106 CVE-2005-0278 2005-05-02 2017-07-10
5.0
None Remote Low Not required Partial None None
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.
1107 CVE-2005-0277 DoS Exec Code Overflow 2005-05-02 2017-07-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
1108 CVE-2005-0276 DoS 2005-05-02 2017-07-10
5.0
None Remote Low Not required None None Partial
Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.
1109 CVE-2005-0275 DoS 2005-05-02 2017-07-10
5.0
None Remote Low Not required None None Partial
TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.
1110 CVE-2005-0273 Exec Code Sql 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
1111 CVE-2005-0272 Bypass 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions.
1112 CVE-2005-0270 XSS 2005-05-02 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
1113 CVE-2005-0269 2005-05-02 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
1114 CVE-2005-0267 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
1115 CVE-2005-0265 Exec Code Sql 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.
1116 CVE-2005-0264 XSS 2005-05-02 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.
1117 CVE-2005-0263 Exec Code Overflow 2005-05-02 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.
1118 CVE-2005-0262 Exec Code Overflow 2005-05-02 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.
1119 CVE-2005-0260 Exec Code Overflow 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
1120 CVE-2005-0256 119 DoS Overflow 2005-05-02 2017-10-10
5.0
None Remote Low Not required None None Partial
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
1121 CVE-2005-0255 DoS Exec Code Mem. Corr. 2005-05-02 2017-10-10
5.0
None Remote Low Not required None None Partial
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
1122 CVE-2005-0254 2005-05-02 2016-10-17
5.0
None Remote Low Not required None Partial None
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
1123 CVE-2005-0253 Dir. Trav. 2005-05-02 2016-10-17
5.0
None Remote Low Not required None None Partial
Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.
1124 CVE-2005-0252 Exec Code Sql 2005-05-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
1125 CVE-2005-0251 XSS 2005-05-02 2016-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.
1126 CVE-2005-0250 Exec Code 2005-05-02 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.
1127 CVE-2005-0248 2005-05-02 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.
1128 CVE-2005-0247 119 Exec Code Overflow 2005-05-02 2017-10-10
6.5
User Remote Low Single system Partial Partial Partial
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.
1129 CVE-2005-0246 DoS 2005-05-02 2017-10-10
5.0
None Remote Low Not required None None Partial
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.
1130 CVE-2005-0244 264 Exec Code Bypass 2005-05-02 2017-10-10
6.5
User Remote Low Single system Partial Partial Partial
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.
1131 CVE-2005-0241 Bypass 2005-05-02 2017-10-10
5.0
None Remote Low Not required None Partial None
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
1132 CVE-2005-0240 Exec Code 2005-05-02 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.
1133 CVE-2005-0239 Exec Code 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter.
1134 CVE-2005-0238 2005-05-02 2017-07-10
5.0
None Remote Low Not required None Partial None
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
1135 CVE-2005-0237 2005-05-02 2018-10-19
5.0
None Remote Low Not required None Partial None
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
1136 CVE-2005-0236 2005-05-02 2017-07-10
5.0
None Remote Low Not required None Partial None
The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
1137 CVE-2005-0235 2005-05-02 2017-07-10
5.0
None Remote Low Not required None Partial None
The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
1138 CVE-2005-0234 2005-05-02 2017-07-10
5.0
None Remote Low Not required None Partial None
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
1139 CVE-2005-0232 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
1140 CVE-2005-0230 Exec Code Bypass 2005-05-02 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
1141 CVE-2005-0227 94 Exec Code 2005-05-02 2017-10-10
4.3
None Local Low Single system Partial Partial Partial
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
1142 CVE-2005-0225 2005-05-02 2017-07-10
2.1
None Local Low Not required None Partial None
firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.
1143 CVE-2005-0223 DoS 2005-05-02 2016-10-17
5.0
None Remote Low Not required None None Partial
The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.
1144 CVE-2005-0222 2005-05-02 2017-07-10
5.0
None Remote Low Not required Partial None None
main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.
1145 CVE-2005-0220 XSS 2005-05-02 2017-07-10
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
1146 CVE-2005-0219 XSS 2005-05-02 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.
1147 CVE-2005-0218 Bypass 2005-05-02 2008-09-10
5.0
None Remote Low Not required None Partial None
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.
1148 CVE-2005-0217 Exec Code Sql 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter.
1149 CVE-2005-0216 XSS 2005-05-02 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter.
1150 CVE-2005-0215 DoS 2005-05-02 2017-07-10
5.0
None Remote Low Not required None None Partial
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
Total number of vulnerabilities : 1255   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 (This Page)24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.