CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2005-0214 Dir. Trav. 2005-05-02 2017-07-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.
1152 CVE-2005-0213 Dir. Trav. 2005-05-02 2017-07-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file.
1153 CVE-2005-0212 DoS 2005-05-02 2017-07-10
5.0
None Remote Low Not required None None Partial
The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet.
1154 CVE-2005-0211 119 DoS Exec Code Overflow 2005-05-02 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
1155 CVE-2005-0210 399 DoS 2005-05-02 2017-10-10
4.9
None Local Low Not required None None Complete
Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.
1156 CVE-2005-0209 20 DoS 2005-05-02 2017-10-10
7.8
None Remote Low Not required None None Complete
Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.
1157 CVE-2005-0208 DoS 2005-05-02 2018-10-19
5.0
None Remote Low Not required None None Partial
The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.
1158 CVE-2005-0207 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
1159 CVE-2005-0205 +Priv 2005-05-02 2017-10-10
4.6
User Local Low Not required Partial Partial Partial
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
1160 CVE-2005-0204 2005-05-02 2017-10-10
2.1
None Local Low Not required None Partial None
Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.
1161 CVE-2005-0202 Dir. Trav. 2005-05-02 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
1162 CVE-2005-0200 20 2005-05-02 2012-10-24
7.5
None Remote Low Not required Partial Partial Partial
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.
1163 CVE-2005-0199 DoS Exec Code Overflow 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.
1164 CVE-2005-0198 2005-05-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
1165 CVE-2005-0197 16 DoS 2005-05-02 2017-10-10
6.1
None Local Network Low Not required None None Complete
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
1166 CVE-2005-0196 DoS 2005-05-02 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
1167 CVE-2005-0195 DoS 2005-05-02 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
1168 CVE-2005-0194 Bypass 2005-05-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
1169 CVE-2005-0187 Exec Code Overflow 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name.
1170 CVE-2005-0185 Exec Code Overflow 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field.
1171 CVE-2005-0184 Dir. Trav. 2005-05-02 2017-07-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
1172 CVE-2005-0183 Exec Code 2005-05-02 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.
1173 CVE-2005-0173 Bypass 2005-05-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
1174 CVE-2005-0158 DoS Exec Code 2005-05-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses.
1175 CVE-2005-0157 2005-05-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned.
1176 CVE-2005-0155 2005-05-02 2018-08-13
4.6
None Local Low Not required Partial Partial Partial
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
1177 CVE-2005-0150 Exec Code 2005-05-26 2017-10-10
5.0
None Remote Low Not required None Partial None
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
1178 CVE-2005-0148 2005-05-02 2017-10-10
5.0
None Remote Low Not required None Partial None
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
1179 CVE-2005-0147 2005-05-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
1180 CVE-2005-0146 2005-05-02 2017-10-10
5.0
None Remote Low Not required Partial None None
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
1181 CVE-2005-0144 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
1182 CVE-2005-0142 2005-05-02 2017-10-10
2.1
None Local Low Not required Partial None None
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
1183 CVE-2005-0141 2005-05-02 2017-10-10
2.6
None Remote High Not required Partial None None
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
1184 CVE-2005-0140 Exec Code Overflow 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name.
1185 CVE-2005-0137 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."
1186 CVE-2005-0135 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).
1187 CVE-2005-0134 2005-05-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets.
1188 CVE-2005-0133 DoS 2005-05-02 2008-09-10
5.0
None Remote Low Not required None None Partial
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.
1189 CVE-2005-0127 2005-05-02 2017-07-10
5.0
None Remote Low Not required Partial None None
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.
1190 CVE-2005-0126 Exec Code 2005-05-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.
1191 CVE-2005-0125 Exec Code 2005-05-02 2018-08-13
7.2
Admin Local Low Not required Complete Complete Complete
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
1192 CVE-2005-0121 Exec Code Overflow 2005-05-02 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environment variable.
1193 CVE-2005-0120 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program.
1194 CVE-2005-0119 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.
1195 CVE-2005-0118 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.
1196 CVE-2005-0106 2005-05-03 2018-10-03
4.6
None Local Low Not required Partial Partial Partial
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.
1197 CVE-2005-0091 +Priv 2005-05-02 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.
1198 CVE-2005-0090 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).
1199 CVE-2005-0089 Exec Code 2005-05-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
1200 CVE-2005-0088 2005-05-02 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
Total number of vulnerabilities : 1255   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 (This Page)25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.