CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2005-1512 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files.
252 CVE-2005-1511 Bypass 2005-05-11 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie.
253 CVE-2005-1510 +Info 2005-05-11 2016-10-17
7.5
None Remote Low Not required Partial Partial Partial
PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.
254 CVE-2005-1509 Exec Code Sql 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
255 CVE-2005-1508 XSS 2005-05-11 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
256 CVE-2005-1507 DoS Exec Code Overflow 2005-05-11 2017-07-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
257 CVE-2005-1506 Exec Code Sql 2005-05-11 2016-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.
258 CVE-2005-1505 2005-05-11 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
259 CVE-2005-1504 Bypass 2005-05-11 2017-07-10
5.0
None Remote Low Not required None None Partial
GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.
260 CVE-2005-1503 Exec Code Sql 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.
261 CVE-2005-1502 XSS 2005-05-11 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
262 CVE-2005-1501 +Info 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.
263 CVE-2005-1500 89 Exec Code Sql 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
264 CVE-2005-1499 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.
265 CVE-2005-1498 XSS 2005-05-11 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
266 CVE-2005-1497 +Info 2005-05-11 2017-07-10
5.0
None Remote Low Not required Partial None None
index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.
267 CVE-2005-1496 +Priv 2005-05-11 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
268 CVE-2005-1495 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.
269 CVE-2005-1494 XSS 2005-05-11 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.
270 CVE-2005-1493 Dir. Trav. 2005-05-11 2017-07-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.
271 CVE-2005-1492 XSS 2005-05-11 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
272 CVE-2005-1491 2005-05-11 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html.
273 CVE-2005-1490 2005-05-11 2017-07-10
2.1
None Local Low Not required Partial None None
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
274 CVE-2005-1489 2005-05-11 2017-07-10
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.
275 CVE-2005-1488 XSS 2005-05-11 2017-07-10
1.9
None Local Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html.
276 CVE-2005-1487 89 Exec Code Sql 2005-05-11 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable.
277 CVE-2005-1486 79 XSS 2005-05-11 2018-10-19
5.0
None Remote Low Not required None Partial None
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
278 CVE-2005-1485 +Info 2005-05-11 2017-07-10
5.0
None Remote Low Not required Partial None None
Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.
279 CVE-2005-1484 Dir. Trav. 2005-05-11 2017-07-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.
280 CVE-2005-1483 XSS 2005-05-11 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
281 CVE-2005-1482 +Priv 2005-05-11 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.
282 CVE-2005-1481 Exec Code Sql 2005-05-11 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp.
283 CVE-2005-1480 Dir. Trav. 2005-05-11 2017-07-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.
284 CVE-2005-1479 Exec Code Sql 2005-05-11 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
285 CVE-2005-1478 Exec Code 2005-05-11 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
286 CVE-2005-1477 Exec Code XSS 2005-05-09 2017-10-10
5.1
User Remote High Not required Partial Partial Partial
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
287 CVE-2005-1476 Exec Code 2005-05-09 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
288 CVE-2005-1472 2005-05-19 2008-09-05
2.1
None Local Low Not required Partial None None
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.
289 CVE-2005-1471 Exec Code Overflow 2005-05-06 2016-10-17
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data.
290 CVE-2005-1470 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.
291 CVE-2005-1469 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer.
292 CVE-2005-1468 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference.
293 CVE-2005-1467 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.
294 CVE-2005-1466 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors.
295 CVE-2005-1465 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop).
296 CVE-2005-1464 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (infinite loop).
297 CVE-2005-1463 Exec Code 2005-05-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.
298 CVE-2005-1462 119 Exec Code Overflow 2005-05-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.
299 CVE-2005-1461 DoS Exec Code Overflow 2005-05-05 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
300 CVE-2005-1460 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length.
Total number of vulnerabilities : 1255   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.