| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-4860 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password. |
|
2 |
CVE-2005-4795 |
|
|
+Priv |
2005-12-31 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors. |
|
3 |
CVE-2005-4776 |
|
|
DoS Overflow +Priv |
2005-12-31 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. |
|
4 |
CVE-2005-4762 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges. |
|
5 |
CVE-2005-4756 |
|
|
+Priv |
2005-12-31 |
2018-09-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. |
|
6 |
CVE-2005-4752 |
|
|
+Priv |
2005-12-31 |
2018-09-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. |
|
7 |
CVE-2005-4751 |
|
|
+Priv XSS |
2005-12-31 |
2018-09-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors. |
|
8 |
CVE-2005-4741 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. |
|
9 |
CVE-2005-4738 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. |
|
10 |
CVE-2005-4728 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory. |
|
11 |
CVE-2005-4704 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges. |
|
12 |
CVE-2005-4660 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup. |
|
13 |
CVE-2005-4659 |
|
|
+Priv |
2005-12-31 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup. |
|
14 |
CVE-2005-4552 |
|
|
+Priv |
2005-12-28 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges. |
|
15 |
CVE-2005-4506 |
|
|
+Priv |
2005-12-23 |
2011-03-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges. |
|
16 |
CVE-2005-4505 |
|
|
+Priv |
2005-12-23 |
2017-07-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. |
|
17 |
CVE-2005-4499 |
|
|
+Priv |
2005-12-22 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. |
|
18 |
CVE-2005-4458 |
|
|
+Priv |
2005-12-21 |
2018-10-19 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group. |
|
19 |
CVE-2005-4453 |
|
|
+Priv |
2005-12-21 |
2018-10-19 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field. |
|
20 |
CVE-2005-4448 |
|
|
+Priv |
2005-12-21 |
2017-07-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie. |
|
21 |
CVE-2005-4443 |
|
|
+Priv |
2005-12-21 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
|
22 |
CVE-2005-4442 |
|
|
+Priv |
2005-12-21 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
|
23 |
CVE-2005-4345 |
|
|
+Priv |
2005-12-19 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. |
|
24 |
CVE-2005-4338 |
|
|
+Priv |
2005-12-19 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin". |
|
25 |
CVE-2005-4337 |
|
|
+Priv Bypass |
2005-12-19 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. |
|
26 |
CVE-2005-4280 |
|
|
+Priv |
2005-12-16 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
|
27 |
CVE-2005-4279 |
|
|
+Priv |
2005-12-16 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
|
28 |
CVE-2005-4278 |
|
|
+Priv |
2005-12-16 |
2013-10-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
|
29 |
CVE-2005-4217 |
264 |
|
+Priv |
2005-12-14 |
2017-07-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges. |
|
30 |
CVE-2005-4069 |
264 |
|
+Priv |
2005-12-08 |
2011-03-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe. |
|
31 |
CVE-2005-4025 |
|
|
+Priv |
2005-12-05 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. |
|
32 |
CVE-2005-3886 |
|
|
+Priv Bypass |
2005-11-29 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. |
|
33 |
CVE-2005-3784 |
399 |
|
DoS +Priv |
2005-11-23 |
2018-10-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges. |
|
34 |
CVE-2005-3779 |
|
|
+Priv |
2005-11-23 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors. |
|
35 |
CVE-2005-3701 |
|
|
+Priv |
2005-12-01 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. |
|
36 |
CVE-2005-3663 |
|
|
+Priv |
2005-11-18 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. |
|
37 |
CVE-2005-3629 |
|
|
+Priv |
2005-12-31 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. |
|
38 |
CVE-2005-3620 |
|
|
+Priv |
2005-12-31 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. |
|
39 |
CVE-2005-3588 |
|
|
Exec Code +Priv Sql |
2005-11-16 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. |
|
40 |
CVE-2005-3546 |
|
|
+Priv |
2005-11-16 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege. |
|
41 |
CVE-2005-3538 |
|
|
+Priv |
2005-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. |
|
42 |
CVE-2005-3507 |
|
|
Exec Code +Priv Dir. Trav. |
2005-11-06 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php. |
|
43 |
CVE-2005-3503 |
|
|
+Priv |
2005-11-05 |
2018-10-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges. |
|
44 |
CVE-2005-3434 |
|
|
+Priv +Info |
2005-11-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges. |
|
45 |
CVE-2005-3360 |
|
|
DoS +Priv |
2005-12-14 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files. |
|
46 |
CVE-2005-3345 |
|
|
+Priv Bypass |
2005-12-28 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. |
|
47 |
CVE-2005-3316 |
|
|
+Priv |
2005-10-27 |
2013-07-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. |
|
48 |
CVE-2005-3291 |
|
|
+Priv |
2005-10-23 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. |
|
49 |
CVE-2005-3280 |
|
|
+Priv |
2005-10-23 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges. |
|
50 |
CVE-2005-3279 |
|
|
Overflow +Priv |
2005-10-23 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option. |
