| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-4875 |
200 |
|
+Info |
2005-12-31 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. |
|
2 |
CVE-2005-4868 |
200 |
|
DoS +Info |
2005-12-31 |
2017-08-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. |
|
3 |
CVE-2005-4862 |
255 |
|
+Info |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. |
|
4 |
CVE-2005-4856 |
19 |
|
+Info |
2005-12-31 |
2015-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url". |
|
5 |
CVE-2005-4854 |
264 |
|
+Info |
2005-12-31 |
2015-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders. |
|
6 |
CVE-2005-4849 |
200 |
|
+Info |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. |
|
7 |
CVE-2005-4839 |
|
|
+Info |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates. |
|
8 |
CVE-2005-4836 |
200 |
|
+Info |
2005-12-31 |
2019-03-25 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. |
|
9 |
CVE-2005-4834 |
|
|
+Info |
2005-12-31 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. |
|
10 |
CVE-2005-4833 |
|
|
+Info |
2005-12-31 |
2011-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format. |
|
11 |
CVE-2005-4787 |
|
|
Exec Code +Info |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue." |
|
12 |
CVE-2005-4754 |
|
|
+Info |
2005-12-31 |
2018-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation." |
|
13 |
CVE-2005-4726 |
|
|
+Info |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain. |
|
14 |
CVE-2005-4722 |
|
|
+Info |
2005-12-31 |
2017-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message. |
|
15 |
CVE-2005-4703 |
|
|
+Info |
2005-12-31 |
2019-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. |
|
16 |
CVE-2005-4701 |
|
|
+Info |
2005-12-31 |
2011-03-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx. |
|
17 |
CVE-2005-4700 |
|
|
+Info |
2005-12-31 |
2017-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. |
|
18 |
CVE-2005-4699 |
|
|
+Info |
2005-12-31 |
2017-07-20 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. |
|
19 |
CVE-2005-4686 |
|
|
+Info |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. |
|
20 |
CVE-2005-4657 |
|
|
Bypass +Info |
2005-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
21 |
CVE-2005-4626 |
|
|
+Info |
2005-12-31 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request. |
|
22 |
CVE-2005-4609 |
|
|
+Info |
2005-12-31 |
2017-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter. |
|
23 |
CVE-2005-4575 |
|
|
+Info |
2005-12-29 |
2017-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message. |
|
24 |
CVE-2005-4524 |
|
|
+Info |
2005-12-28 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. |
|
25 |
CVE-2005-4523 |
|
|
+Info |
2005-12-28 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. |
|
26 |
CVE-2005-4463 |
|
|
+Info |
2005-12-21 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1. |
|
27 |
CVE-2005-4452 |
|
|
+Info |
2005-12-21 |
2017-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. |
|
28 |
CVE-2005-4371 |
|
|
+Info |
2005-12-20 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb. |
|
29 |
CVE-2005-4368 |
200 |
|
+Info |
2005-12-20 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. |
|
30 |
CVE-2005-4320 |
200 |
|
+Info |
2005-12-17 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message. |
|
31 |
CVE-2005-4304 |
|
|
+Info |
2005-12-17 |
2008-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. |
|
32 |
CVE-2005-4249 |
|
|
+Info |
2005-12-15 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory. |
|
33 |
CVE-2005-4219 |
|
|
+Info |
2005-12-14 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability. |
|
34 |
CVE-2005-4214 |
200 |
|
+Info |
2005-12-14 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. |
|
35 |
CVE-2005-4173 |
|
|
+Info |
2005-12-11 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. |
|
36 |
CVE-2005-4172 |
|
|
+Info |
2005-12-11 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. |
|
37 |
CVE-2005-4149 |
|
|
+Info |
2005-12-10 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages. |
|
38 |
CVE-2005-4148 |
|
|
+Info |
2005-12-10 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page. |
|
39 |
CVE-2005-4146 |
|
|
+Info |
2005-12-10 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information. |
|
40 |
CVE-2005-4089 |
264 |
|
XSS Bypass +Info |
2005-12-08 |
2021-07-23 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." |
|
41 |
CVE-2005-4033 |
|
|
+Info |
2005-12-06 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information. |
|
42 |
CVE-2005-4026 |
|
|
+Info |
2005-12-05 |
2018-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message. |
|
43 |
CVE-2005-4021 |
|
|
+Info |
2005-12-05 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. |
|
44 |
CVE-2005-4013 |
|
|
+Info |
2005-12-05 |
2017-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file. |
|
45 |
CVE-2005-4005 |
|
|
Exec Code Sql +Info |
2005-12-05 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. |
|
46 |
CVE-2005-3997 |
|
|
+Info |
2005-12-05 |
2018-10-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message. |
|
47 |
CVE-2005-3979 |
287 |
|
+Info |
2005-12-03 |
2019-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. |
|
48 |
CVE-2005-3923 |
|
|
+Info |
2005-11-30 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site. |
|
49 |
CVE-2005-3804 |
|
|
DoS +Info |
2005-11-24 |
2017-07-11 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. |
|
50 |
CVE-2005-3803 |
|
|
+Info |
2005-11-24 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. |
