CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2005-3260 XSS 2005-10-20 2016-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.
102 CVE-2005-3259 Exec Code Sql Bypass 2005-10-20 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php.
103 CVE-2005-3258 DoS 2005-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
104 CVE-2005-3257 264 +Priv 2005-10-18 2018-10-03
4.6
User Local Low Not required Partial Partial Partial
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
105 CVE-2005-3256 2005-10-18 2018-10-03
5.0
None Remote Low Not required Partial None None
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
106 CVE-2005-3255 +Info 2005-10-18 2008-09-05
5.0
None Remote Low Not required Partial None None
The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs.
107 CVE-2005-3254 Exec Code 2005-10-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.
108 CVE-2005-3252 Exec Code Overflow 2005-10-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
109 CVE-2005-3251 Dir. Trav. 2005-10-17 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.
110 CVE-2005-3250 DoS 2005-10-17 2013-07-20
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
111 CVE-2005-3249 DoS 2005-10-27 2017-10-10
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.
112 CVE-2005-3248 DoS 2005-10-27 2017-10-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors.
113 CVE-2005-3247 DoS 2005-10-27 2017-10-10
5.0
None Remote Low Not required None None Partial
The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
114 CVE-2005-3246 DoS 2005-10-27 2017-10-10
5.0
None Remote Low Not required None None Partial
Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.
115 CVE-2005-3245 DoS 2005-10-27 2017-10-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption).
116 CVE-2005-3244 DoS 2005-10-27 2017-10-10
5.0
None Remote Low Not required None None Partial
The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
117 CVE-2005-3243 Exec Code Overflow 2005-10-27 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector.
118 CVE-2005-3242 DoS 2005-10-27 2017-10-10
5.0
None Remote Low Not required None None Partial
Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled.
119 CVE-2005-3241 DoS 2005-10-27 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector.
120 CVE-2005-3239 DoS 2005-10-14 2010-04-02
7.8
None Remote Low Not required None None Complete
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
121 CVE-2005-3238 DoS 2005-10-14 2008-09-05
2.1
None Local Low Not required None None Partial
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.
122 CVE-2005-3237 XSS 2005-10-14 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote attackers to inject arbitrary web script or HTML via the t_login parameter of footer.php.
123 CVE-2005-3236 Sql XSS 2005-10-14 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
124 CVE-2005-3235 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Proland Protector Plus 2000 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
125 CVE-2005-3234 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
126 CVE-2005-3233 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
127 CVE-2005-3232 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of TheHacker allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
128 CVE-2005-3231 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
129 CVE-2005-3230 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
130 CVE-2005-3229 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
131 CVE-2005-3228 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Ikarus AntiVirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
132 CVE-2005-3227 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of UNA Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
133 CVE-2005-3226 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of ArcaVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
134 CVE-2005-3225 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
135 CVE-2005-3224 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
136 CVE-2005-3223 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
137 CVE-2005-3222 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
138 CVE-2005-3221 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Fortinet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
139 CVE-2005-3220 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
140 CVE-2005-3219 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
141 CVE-2005-3218 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
142 CVE-2005-3217 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
143 CVE-2005-3216 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
144 CVE-2005-3215 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of McAfee Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
145 CVE-2005-3214 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Avast Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
146 CVE-2005-3213 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
147 CVE-2005-3212 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
148 CVE-2005-3211 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
149 CVE-2005-3210 Bypass 2005-10-14 2016-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
150 CVE-2005-3209 +Priv +Info 2005-10-14 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges.
Total number of vulnerabilities : 283   Page : 1 2 3 (This Page)4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.