CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14601 CVE-2005-4566 Overflow 2005-12-29 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
14602 CVE-2005-4565 2005-12-29 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
14603 CVE-2005-4459 119 Exec Code Overflow 2005-12-21 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
14604 CVE-2005-4458 +Priv 2005-12-21 2018-10-19
9.0
Admin Remote Low Single system Complete Complete Complete
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
14605 CVE-2005-4453 +Priv 2005-12-21 2018-10-19
9.0
Admin Remote Low Single system Complete Complete Complete
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.
14606 CVE-2005-4448 +Priv 2005-12-21 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
14607 CVE-2005-4414 2005-12-20 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."
14608 CVE-2005-4338 +Priv 2005-12-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
14609 CVE-2005-4332 DoS Bypass 2005-12-17 2018-10-30
9.4
None Remote Low Not required None Complete Complete
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
14610 CVE-2005-4325 2005-12-17 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some other potential security problems."
14611 CVE-2005-4272 Exec Code Overflow 2005-12-15 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.
14612 CVE-2005-4200 2005-12-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.
14613 CVE-2005-4156 DoS 2005-12-10 2008-09-05
9.4
None Remote Low Not required Complete None Complete
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
14614 CVE-2005-4090 2005-12-08 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
14615 CVE-2005-4007 2005-12-04 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml.
14616 CVE-2005-3957 2005-12-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.
14617 CVE-2005-3773 2005-11-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."
14618 CVE-2005-3764 2005-11-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML.
14619 CVE-2005-3752 2005-11-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction".
14620 CVE-2005-3731 2005-11-21 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."
14621 CVE-2005-3693 Exec Code 2005-11-18 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm MediaMax DRM allows remote attackers to download and execute arbitrary code, a similar vulnerability to CVE-2005-3650.
14622 CVE-2005-3666 2005-11-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.
14623 CVE-2005-3656 134 Exec Code 2005-12-31 2018-10-03
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.
14624 CVE-2005-3653 119 Exec Code Overflow 2005-12-31 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
14625 CVE-2005-3650 94 Exec Code 2005-11-17 2017-07-10
9.3
Admin Remote Medium Not required Complete Complete Complete
The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
14626 CVE-2005-3640 119 Exec Code Overflow 2005-11-16 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.
14627 CVE-2005-3625 399 DoS 2005-12-31 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
14628 CVE-2005-3595 2005-11-16 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
14629 CVE-2005-3587 2005-11-16 2010-04-02
10.0
None Remote Low Not required Complete Complete Complete
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.
14630 CVE-2005-3525 Exec Code Overflow 2005-12-31 2018-10-19
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.
14631 CVE-2005-3524 Exec Code Overflow 2005-11-06 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.
14632 CVE-2005-3481 Exec Code Overflow 2005-11-02 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed.
14633 CVE-2005-3466 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01.
14634 CVE-2005-3465 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01.
14635 CVE-2005-3464 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04.
14636 CVE-2005-3463 2005-11-02 2016-05-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03.
14637 CVE-2005-3462 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02.
14638 CVE-2005-3461 2005-11-02 2016-04-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01.
14639 CVE-2005-3460 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01.
14640 CVE-2005-3459 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical.
14641 CVE-2005-3458 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge.
14642 CVE-2005-3457 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS.
14643 CVE-2005-3456 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge.
14644 CVE-2005-3455 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Object Library; (4) APPS05 and (5) APPS06 in Applications Technology Stack; (6) APPS07 in Applications Utilities; (7) APPS09, (8) APPS10, and (9) APPS11 in HRMS; (10) APPS12 in Mobile Application Foundation; (11) APPS13 in SDP Number Portability; (12) APPS14 in Oracle Service; (13) APPS15 in Service Fulfillment Manage, (14) APPS16 in Universal Work Queue; and (15) APPS20 in Workflow Cartridge.
14645 CVE-2005-3454 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files.
14646 CVE-2005-3453 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14.
14647 CVE-2005-3452 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13.
14648 CVE-2005-3451 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10.
14649 CVE-2005-3450 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04.
14650 CVE-2005-3449 2005-11-02 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.