CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2005-1459 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error).
302 CVE-2005-1458 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.
303 CVE-2005-1457 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash).
304 CVE-2005-1456 DoS 2005-05-05 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort).
305 CVE-2005-1455 DoS Overflow 2005-05-19 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
306 CVE-2005-1454 Exec Code Sql 2005-05-19 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
307 CVE-2005-1453 DoS 2005-05-05 2008-09-05
5.0
None Remote Low Not required None None Partial
fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.
308 CVE-2005-1452 2005-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
309 CVE-2005-1451 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
310 CVE-2005-1450 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
311 CVE-2005-1449 2005-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
312 CVE-2005-1448 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
313 CVE-2005-1447 Exec Code File Inclusion 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter.
314 CVE-2005-1446 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket.
315 CVE-2005-1445 Dir. Trav. 2005-05-03 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php.
316 CVE-2005-1444 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php.
317 CVE-2005-1443 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
318 CVE-2005-1442 DoS Exec Code Overflow 2005-05-03 2017-07-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.
319 CVE-2005-1441 DoS 2005-05-03 2017-07-10
5.0
None Remote Low Not required None None Partial
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).
320 CVE-2005-1440 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
321 CVE-2005-1439 Dir. Trav. 2005-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
322 CVE-2005-1438 Exec Code File Inclusion 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
323 CVE-2005-1437 Exec Code Sql 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.
324 CVE-2005-1436 XSS 2005-05-03 2013-07-14
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
325 CVE-2005-1435 Exec Code 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
326 CVE-2005-1434 DoS Exec Code 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.
327 CVE-2005-1433 DoS Exec Code 2005-05-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.
328 CVE-2005-1431 DoS 2005-05-03 2017-10-10
5.0
None Remote Low Not required None None Partial
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
329 CVE-2005-1430 2005-05-03 2008-09-10
3.6
None Local Low Not required Partial Partial None
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
330 CVE-2005-1429 Exec Code Sql 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter.
331 CVE-2005-1428 2005-05-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files.
332 CVE-2005-1427 +Info 2005-05-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb.
333 CVE-2005-1426 264 2005-05-03 2017-10-10
5.0
None Remote Low Not required Partial None None
Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb).
334 CVE-2005-1425 264 2005-05-03 2018-10-19
5.0
None Remote Low Not required Partial None None
Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb.
335 CVE-2005-1424 +Info 2005-05-03 2017-07-10
2.1
None Local Low Not required Partial None None
StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information.
336 CVE-2005-1423 DoS Dir. Trav. 2005-05-03 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter.
337 CVE-2005-1422 DoS 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html.
338 CVE-2005-1421 Dir. Trav. 2005-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request.
339 CVE-2005-1420 2005-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space).
340 CVE-2005-1419 Exec Code Sql 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter.
341 CVE-2005-1418 +Priv 2005-05-03 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges.
342 CVE-2005-1417 Exec Code Sql 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp.
343 CVE-2005-1416 Dir. Trav. 2005-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder.
344 CVE-2005-1415 Exec Code Overflow 2005-05-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
345 CVE-2005-1414 +Priv 2005-05-03 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges.
346 CVE-2005-1413 Exec Code +Priv Sql 2005-05-03 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp.
347 CVE-2005-1412 Exec Code Sql 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter.
348 CVE-2005-1411 +Priv 2005-05-03 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges.
349 CVE-2005-1410 DoS 2005-05-03 2018-10-19
2.1
None Local Low Not required None None Partial
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.
350 CVE-2005-1409 2005-05-03 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
Total number of vulnerabilities : 1255   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.