| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
17601 |
CVE-2005-1205 |
|
|
|
2005-06-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. |
|
17602 |
CVE-2005-1204 |
|
|
DoS |
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access. |
|
17603 |
CVE-2005-1198 |
|
|
Dir. Trav. |
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter. |
|
17604 |
CVE-2005-1192 |
|
|
DoS |
2005-05-02 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. |
|
17605 |
CVE-2005-1191 |
|
|
|
2005-05-02 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file. |
|
17606 |
CVE-2005-1190 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered. |
|
17607 |
CVE-2005-1187 |
|
|
Exec Code Overflow |
2005-05-02 |
2017-07-10 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability. |
|
17608 |
CVE-2005-1184 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. |
|
17609 |
CVE-2005-1182 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. |
|
17610 |
CVE-2005-1180 |
|
|
Http R.Spl. |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. |
|
17611 |
CVE-2005-1179 |
|
|
|
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703. |
|
17612 |
CVE-2005-1174 |
|
|
DoS |
2005-07-18 |
2018-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. |
|
17613 |
CVE-2005-1168 |
|
|
|
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. |
|
17614 |
CVE-2005-1165 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data. |
|
17615 |
CVE-2005-1164 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length. |
|
17616 |
CVE-2005-1162 |
|
|
XSS |
2005-05-02 |
2017-07-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp. |
|
17617 |
CVE-2005-1160 |
|
|
+Priv |
2005-05-02 |
2017-10-10 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. |
|
17618 |
CVE-2005-1158 |
|
|
|
2005-05-02 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. |
|
17619 |
CVE-2005-1150 |
|
|
DoS |
2005-05-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). |
|
17620 |
CVE-2005-1148 |
|
|
+Info |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. |
|
17621 |
CVE-2005-1147 |
|
|
+Info |
2005-04-12 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information. |
|
17622 |
CVE-2005-1144 |
|
|
+Info |
2005-04-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message. |
|
17623 |
CVE-2005-1138 |
|
|
DoS |
2005-04-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages. |
|
17624 |
CVE-2005-1137 |
|
|
+Info |
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. |
|
17625 |
CVE-2005-1136 |
|
|
+Info |
2005-04-14 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. |
|
17626 |
CVE-2005-1133 |
|
|
|
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. |
|
17627 |
CVE-2005-1132 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. |
|
17628 |
CVE-2005-1127 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. |
|
17629 |
CVE-2005-1125 |
|
|
Bypass |
2005-05-02 |
2008-09-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. |
|
17630 |
CVE-2005-1123 |
119 |
|
DoS Overflow Mem. Corr. |
2005-05-02 |
2012-10-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. |
|
17631 |
CVE-2005-1121 |
|
|
Exec Code |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. |
|
17632 |
CVE-2005-1112 |
|
|
|
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. |
|
17633 |
CVE-2005-1108 |
|
|
|
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. |
|
17634 |
CVE-2005-1106 |
|
|
DoS Overflow |
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. |
|
17635 |
CVE-2005-1105 |
|
|
Dir. Trav. |
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. |
|
17636 |
CVE-2005-1089 |
|
|
|
2005-04-11 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. |
|
17637 |
CVE-2005-1083 |
|
|
|
2005-05-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter. |
|
17638 |
CVE-2005-1080 |
|
|
Dir. Trav. |
2005-05-02 |
2017-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. |
|
17639 |
CVE-2005-1073 |
|
|
Dir. Trav. |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter. |
|
17640 |
CVE-2005-1063 |
|
|
DoS |
2005-04-29 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations." |
|
17641 |
CVE-2005-1061 |
|
|
|
2005-05-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." |
|
17642 |
CVE-2005-1060 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. |
|
17643 |
CVE-2005-1056 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. |
|
17644 |
CVE-2005-1052 |
|
|
|
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. |
|
17645 |
CVE-2005-1050 |
|
|
+Info |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. |
|
17646 |
CVE-2005-1043 |
|
|
DoS |
2005-04-14 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. |
|
17647 |
CVE-2005-1034 |
|
|
DoS |
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. |
|
17648 |
CVE-2005-1033 |
|
|
+Info |
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. |
|
17649 |
CVE-2005-1031 |
|
|
|
2005-05-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. |
|
17650 |
CVE-2005-1028 |
200 |
|
+Info |
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. |
