Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
Max CVSS
9.3
EPSS Score
25.65%
Published
2005-12-31
Updated
2017-07-29
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
Max CVSS
10.0
EPSS Score
25.84%
Published
2005-12-31
Updated
2017-07-29
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.
Max CVSS
9.4
EPSS Score
0.19%
Published
2005-12-31
Updated
2015-07-28
Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846.
Max CVSS
10.0
EPSS Score
0.26%
Published
2005-12-31
Updated
2008-09-10
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
Max CVSS
10.0
EPSS Score
6.30%
Published
2005-12-31
Updated
2017-10-11
VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2005-12-31
Updated
2018-08-13
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
1.58%
Published
2005-12-31
Updated
2011-03-08
Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
Max CVSS
9.0
EPSS Score
0.85%
Published
2005-12-31
Updated
2017-07-20
Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds.
Max CVSS
10.0
EPSS Score
0.26%
Published
2005-12-31
Updated
2008-09-05
Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.
Max CVSS
10.0
EPSS Score
0.13%
Published
2005-12-31
Updated
2009-11-12
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
Max CVSS
10.0
EPSS Score
0.91%
Published
2005-12-29
Updated
2011-03-08
Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
Max CVSS
10.0
EPSS Score
1.17%
Published
2005-12-29
Updated
2011-03-08
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
Max CVSS
10.0
EPSS Score
95.14%
Published
2005-12-21
Updated
2018-10-30
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
Max CVSS
9.0
EPSS Score
0.54%
Published
2005-12-21
Updated
2018-10-19
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.
Max CVSS
9.0
EPSS Score
0.47%
Published
2005-12-21
Updated
2018-10-19
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
Max CVSS
10.0
EPSS Score
0.58%
Published
2005-12-21
Updated
2017-07-20
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-12-20
Updated
2008-09-05
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
Max CVSS
10.0
EPSS Score
0.44%
Published
2005-12-19
Updated
2008-09-05
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
Max CVSS
9.4
EPSS Score
2.00%
Published
2005-12-17
Updated
2018-10-30
Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some other potential security problems."
Max CVSS
10.0
EPSS Score
0.58%
Published
2005-12-17
Updated
2017-07-20
Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.
Max CVSS
10.0
EPSS Score
7.41%
Published
2005-12-15
Updated
2018-10-19
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.
Max CVSS
10.0
EPSS Score
0.47%
Published
2005-12-13
Updated
2011-03-07
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
Max CVSS
9.4
EPSS Score
0.20%
Published
2005-12-11
Updated
2008-09-05
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
Max CVSS
10.0
EPSS Score
1.92%
Published
2005-12-08
Updated
2017-10-11
Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml.
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-12-05
Updated
2012-10-22
38 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!