CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2005-2608 XSS 2005-08-17 2008-09-05
4.3
None Remote Medium Not required None Partial None
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.
102 CVE-2005-2607 2005-08-17 2008-09-05
5.0
None Remote Low Not required Partial None None
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters.
103 CVE-2005-2606 2005-08-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.
104 CVE-2005-2605 Bypass 2005-08-17 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.
105 CVE-2005-2604 2005-08-17 2008-09-05
5.0
None Remote Low Not required Partial None None
index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.
106 CVE-2005-2603 XSS 2005-08-17 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters.
107 CVE-2005-2602 2005-08-17 2008-09-05
2.6
None Remote High Not required None Partial None
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
108 CVE-2005-2601 Exec Code Sql 2005-08-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.
109 CVE-2005-2600 2005-08-17 2008-09-05
5.0
None Remote Low Not required Partial None None
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
110 CVE-2005-2599 +Priv 2005-08-17 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.
111 CVE-2005-2598 Dir. Trav. 2005-08-17 2008-09-05
5.0
None Remote Low Not required None Partial None
Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php.
112 CVE-2005-2597 Exec Code 2005-08-17 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program.
113 CVE-2005-2596 +Priv 2005-08-17 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
114 CVE-2005-2595 XSS 2005-08-17 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages.
115 CVE-2005-2594 DoS 2005-08-17 2008-09-05
5.0
None Remote Low Not required None None Partial
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
116 CVE-2005-2593 2005-08-17 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors.
117 CVE-2005-2592 Bypass 2005-08-17 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors.
118 CVE-2005-2591 2005-08-17 2017-07-10
5.0
None Remote Low Not required Partial None None
Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability.
119 CVE-2005-2590 XSS 2005-08-17 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
120 CVE-2005-2589 Bypass 2005-08-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
121 CVE-2005-2588 XSS 2005-08-17 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
122 CVE-2005-2587 Exec Code Sql 2005-08-16 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
123 CVE-2005-2586 +Info 2005-08-16 2016-10-17
2.1
None Local Low Not required Partial None None
Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.
124 CVE-2005-2585 DoS 2005-08-16 2016-10-17
5.0
None Remote Low Not required None None Partial
Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan.
125 CVE-2005-2584 2005-08-16 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.
126 CVE-2005-2583 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access.
127 CVE-2005-2582 2005-08-16 2016-10-17
3.6
None Local Low Not required None Partial Partial
Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.
128 CVE-2005-2581 DoS 2005-08-16 2016-10-17
5.0
None Remote Low Not required None None Partial
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
129 CVE-2005-2580 Exec Code Sql 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
130 CVE-2005-2579 +Priv 2005-08-16 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.
131 CVE-2005-2577 DoS 2005-08-16 2016-10-17
5.0
None Remote Low Not required None None Partial
Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field.
132 CVE-2005-2576 +Info 2005-08-16 2016-10-17
5.0
None Remote Low Not required Partial None None
CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message.
133 CVE-2005-2575 Exec Code Sql 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable.
134 CVE-2005-2574 2005-08-16 2016-10-17
5.0
None Remote Low Not required None Partial None
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
135 CVE-2005-2573 Dir. Trav. 2005-08-16 2019-10-07
5.0
None Remote Low Not required Partial None None
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
136 CVE-2005-2572 DoS Exec Code 2005-08-16 2017-07-10
8.5
Admin Remote Medium Single system Complete Complete Complete
MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.
137 CVE-2005-2571 2005-08-16 2016-10-17
6.4
None Remote Low Not required Partial Partial None
FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.
138 CVE-2005-2570 +Info 2005-08-16 2016-10-17
5.0
None Remote Low Not required Partial None None
FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message.
139 CVE-2005-2569 XSS 2005-08-16 2016-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php.
140 CVE-2005-2568 Exec Code 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.
141 CVE-2005-2567 Exec Code File Inclusion 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.
142 CVE-2005-2566 Exec Code Sql 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php.
143 CVE-2005-2565 +Info 2005-08-16 2017-07-10
5.0
None Remote Low Not required Partial None None
Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message.
144 CVE-2005-2564 Exec Code 2005-08-16 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
145 CVE-2005-2563 XSS 2005-08-16 2016-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template.
146 CVE-2005-2562 Exec Code Sql Bypass 2005-08-16 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
147 CVE-2005-2561 Exec Code Sql 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3.
148 CVE-2005-2560 XSS 2005-08-16 2016-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
149 CVE-2005-2559 Exec Code 2005-08-16 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.
150 CVE-2005-2558 Exec Code Overflow 2005-08-16 2019-10-07
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
Total number of vulnerabilities : 322   Page : 1 2 3 (This Page)4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.