Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.
Max CVSS
10.0
EPSS Score
0.26%
Published
2005-07-19
Updated
2016-10-18
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors.
Max CVSS
10.0
EPSS Score
0.26%
Published
2005-07-19
Updated
2016-10-18
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
Max CVSS
10.0
EPSS Score
1.03%
Published
2005-07-06
Updated
2011-03-08
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.27%
Published
2005-07-12
Updated
2008-09-05
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-07-12
Updated
2020-12-01
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-07-13
Updated
2008-09-05
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
Max CVSS
10.0
EPSS Score
0.83%
Published
2005-07-13
Updated
2016-10-18
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
Max CVSS
10.0
EPSS Score
2.84%
Published
2005-07-13
Updated
2008-09-05
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
Max CVSS
10.0
EPSS Score
9.89%
Published
2005-07-15
Updated
2018-08-13
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
Max CVSS
10.0
EPSS Score
0.34%
Published
2005-07-18
Updated
2008-09-05
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
Max CVSS
10.0
EPSS Score
19.44%
Published
2005-07-18
Updated
2016-10-18
Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi.
Max CVSS
10.0
EPSS Score
0.39%
Published
2005-07-20
Updated
2008-09-05
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
Max CVSS
9.8
EPSS Score
34.25%
Published
2005-07-18
Updated
2024-02-02
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
Max CVSS
9.3
EPSS Score
93.96%
Published
2005-07-19
Updated
2011-03-08
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
Max CVSS
9.3
EPSS Score
0.74%
Published
2005-07-26
Updated
2017-10-11
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
Max CVSS
7.5
EPSS Score
14.55%
Published
2005-07-12
Updated
2018-10-12
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
Max CVSS
7.5
EPSS Score
88.94%
Published
2005-07-18
Updated
2020-01-21
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
Max CVSS
7.5
EPSS Score
94.49%
Published
2005-07-12
Updated
2018-10-12
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
Max CVSS
7.5
EPSS Score
6.76%
Published
2005-07-26
Updated
2017-10-11
The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.32%
Published
2005-07-26
Updated
2024-01-25

CVE-2005-1921

Public exploit
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
Max CVSS
7.5
EPSS Score
95.89%
Published
2005-07-05
Updated
2024-02-14

CVE-2005-2086

Public exploit
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
Max CVSS
7.5
EPSS Score
15.24%
Published
2005-07-05
Updated
2016-10-18
zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Max CVSS
7.5
EPSS Score
5.89%
Published
2005-07-06
Updated
2022-06-22
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
Max CVSS
7.5
EPSS Score
0.79%
Published
2005-07-05
Updated
2017-10-11
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
Max CVSS
7.5
EPSS Score
0.26%
Published
2005-07-05
Updated
2016-10-18
288 vulnerabilities found