CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-1934 DoS 2005-05-19 2010-08-21
5.0
None Remote Low Not required None None Partial
Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.
2 CVE-2005-1907 DoS 2005-05-31 2008-09-10
5.0
None Remote Low Not required None None Partial
The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
3 CVE-2005-1866 XSS 2005-05-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.
4 CVE-2005-1833 Exec Code Sql 2005-05-31 2013-07-16
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
5 CVE-2005-1832 XSS 2005-05-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php.
6 CVE-2005-1831 +Priv 2005-05-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty."
7 CVE-2005-1830 DoS 2005-05-29 2008-09-05
5.0
None Remote Low Not required None None Partial
The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service (application crash) via an invalid Debug Message pointer.
8 CVE-2005-1829 DoS 2005-05-28 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other.
9 CVE-2005-1828 +Info 2005-05-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
10 CVE-2005-1827 +Priv Bypass 2005-05-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
11 CVE-2005-1826 Exec Code Overflow 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.
12 CVE-2005-1825 Exec Code Overflow 2005-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process.
13 CVE-2005-1808 DoS 2005-05-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception.
14 CVE-2005-1807 DoS 2005-05-28 2008-09-05
5.0
None Remote Low Not required None None Partial
The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.
15 CVE-2005-1806 Exec Code 2005-05-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
16 CVE-2005-1805 Exec Code Sql 2005-05-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password.
17 CVE-2005-1804 Exec Code Sql 2005-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php.
18 CVE-2005-1803 XSS 2005-05-29 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.
19 CVE-2005-1802 DoS 2005-05-27 2008-09-05
5.0
None Remote Low Not required None None Partial
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
20 CVE-2005-1801 DoS 2005-05-26 2008-09-10
2.6
None Remote High Not required None None Partial
The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.
21 CVE-2005-1800 XSS 2005-05-28 2008-09-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.
22 CVE-2005-1799 XSS 2005-05-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
23 CVE-2005-1798 Dir. Trav. 2005-05-29 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
24 CVE-2005-1797 2005-05-26 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.
25 CVE-2005-1796 Exec Code 2005-05-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.
26 CVE-2005-1795 Exec Code 2005-05-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.
27 CVE-2005-1791 2005-05-28 2008-09-05
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
28 CVE-2005-1789 Exec Code Sql 2005-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password.
29 CVE-2005-1787 +Priv Bypass 2005-05-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
30 CVE-2005-1786 Exec Code +Priv Sql 2005-05-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.
31 CVE-2005-1785 Exec Code Sql 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
32 CVE-2005-1784 +Priv 2005-05-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
33 CVE-2005-1783 2005-05-31 2008-09-10
5.0
None Remote Low Not required Partial None None
BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
34 CVE-2005-1782 XSS 2005-05-26 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
35 CVE-2005-1781 DoS 2005-05-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
36 CVE-2005-1780 Exec Code Sql 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password.
37 CVE-2005-1779 Exec Code Sql 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
38 CVE-2005-1778 XSS 2005-05-31 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
39 CVE-2005-1777 Exec Code Sql 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
40 CVE-2005-1776 Exec Code Overflow 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string.
41 CVE-2005-1775 DoS 2005-05-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a large nickname.
42 CVE-2005-1774 2005-05-31 2008-09-05
2.1
None Local Low Not required None Partial None
WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem.
43 CVE-2005-1773 DoS Exec Code 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available.
44 CVE-2005-1772 DoS Overflow 2005-05-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a long client cd-key hash value, a different vulnerability than CVE-2005-1556.
45 CVE-2005-1771 2005-05-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t.
46 CVE-2005-1770 119 DoS Exec Code Overflow 2005-05-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 and possibly other versions allows local users to cause a denial of service (system crash) and possibly execute arbitrary code via certain signals combined with crafted input.
47 CVE-2005-1765 DoS 2005-05-31 2008-09-05
2.1
None Local Low Not required None None Partial
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments.
48 CVE-2005-1751 2005-05-25 2010-08-21
3.7
None Local High Not required Partial Partial Partial
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
49 CVE-2005-1750 Exec Code Sql 2005-05-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
50 CVE-2005-1749 DoS Overflow 2005-05-24 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
Total number of vulnerabilities : 1255   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.