Security Vulnerabilities, CVEs, Published In November 2005 (Information Leak)
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.
Max CVSS
5.0
EPSS Score
1.09%
Published
2005-11-22
Updated
2018-10-19
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
Max CVSS
6.4
EPSS Score
1.60%
Published
2005-11-21
Updated
2017-07-11
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
Max CVSS
5.0
EPSS Score
1.24%
Published
2005-11-17
Updated
2017-07-11
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
Max CVSS
5.0
EPSS Score
1.16%
Published
2005-11-20
Updated
2018-10-19
CVE-2005-3498
Public exploit
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
Max CVSS
4.3
EPSS Score
0.37%
Published
2005-11-04
Updated
2018-09-26
CVE-2005-3398
Public exploit
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
Max CVSS
4.3
EPSS Score
0.80%
Published
2005-11-01
Updated
2018-10-30
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
Max CVSS
2.1
EPSS Score
0.07%
Published
2005-11-01
Updated
2011-03-08
7 vulnerabilities found