CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2005(Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4861 287 Bypass 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.
2 CVE-2005-4852 264 Bypass 2005-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.
3 CVE-2005-4851 287 Bypass 2005-12-31 2008-09-05
4.0
None Remote Low Single system Partial None None
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
4 CVE-2005-4827 Bypass 2005-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
5 CVE-2005-4825 DoS Bypass 2005-12-31 2008-09-05
5.7
None Local Network Medium Not required None None Complete
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332.
6 CVE-2005-4789 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.
7 CVE-2005-4788 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."
8 CVE-2005-4771 Bypass 2005-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized.
9 CVE-2005-4757 Bypass 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
10 CVE-2005-4725 Bypass 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.
11 CVE-2005-4715 Exec Code Sql Bypass 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests.
12 CVE-2005-4657 Bypass +Info 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13 CVE-2005-4653 Bypass 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument.
14 CVE-2005-4636 Bypass 2005-12-31 2009-11-12
4.6
None Local Low Not required Partial Partial Partial
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.
15 CVE-2005-4590 Bypass 2005-12-30 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.
16 CVE-2005-4563 Exec Code Sql Bypass 2005-12-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875.
17 CVE-2005-4526 Bypass 2005-12-27 2008-09-05
5.0
None Remote Low Not required None Partial None
Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file.
18 CVE-2005-4518 Bypass 2005-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
19 CVE-2005-4514 Bypass 2005-12-22 2008-09-05
5.0
None Remote Low Not required None Partial None
** DISPUTED ** The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103.
20 CVE-2005-4501 Exec Code XSS Bypass 2005-12-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.
21 CVE-2005-4454 XSS Bypass 2005-12-21 2008-09-05
4.3
None Remote Medium Not required None Partial None
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
22 CVE-2005-4441 Bypass 2005-12-20 2008-09-05
5.0
None Remote Low Not required None Partial None
The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c.
23 CVE-2005-4440 Bypass 2005-12-20 2008-09-05
5.0
None Remote Low Not required None Partial None
The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack."
24 CVE-2005-4352 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
25 CVE-2005-4351 Bypass 2005-12-31 2008-09-05
4.3
None Local Low Single system Partial Partial Partial
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
26 CVE-2005-4342 Bypass 2005-12-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
27 CVE-2005-4337 +Priv Bypass 2005-12-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
28 CVE-2005-4332 DoS Bypass 2005-12-17 2008-09-05
9.4
None Remote Low Not required None Complete Complete
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
29 CVE-2005-4260 XSS Bypass 2005-12-15 2008-09-05
4.3
None Remote Medium Not required None Partial None
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
30 CVE-2005-4155 Exec Code Bypass 2005-12-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
31 CVE-2005-4147 Bypass 2005-12-10 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a trailing "@" characters.
32 CVE-2005-4093 264 Bypass 2005-12-08 2011-05-18
6.5
None Remote Low Single system Partial Partial Partial
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
33 CVE-2005-4089 264 XSS Bypass +Info 2005-12-08 2011-09-27
7.1
None Remote Medium Not required Complete None None
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
34 CVE-2005-4081 Exec Code Sql Bypass 2005-12-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages.
35 CVE-2005-4077 189 DoS Overflow Bypass 2005-12-07 2011-09-08
4.6
User Local Low Not required Partial Partial Partial
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
36 CVE-2005-4006 287 Bypass 2005-12-04 2012-10-22
7.5
User Remote Low Not required Partial Partial Partial
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
37 CVE-2005-3974 Bypass 2005-12-03 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
38 CVE-2005-3968 Exec Code Sql Bypass 2005-12-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.
39 CVE-2005-3893 Exec Code Sql Bypass 2005-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
40 CVE-2005-3886 +Priv Bypass 2005-11-29 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
41 CVE-2005-3819 Sql Bypass 2005-11-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.
42 CVE-2005-3793 Exec Code Sql Bypass 2005-11-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.
43 CVE-2005-3786 Bypass 2005-11-23 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.
44 CVE-2005-3782 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
45 CVE-2005-3751 XSS Bypass 2005-11-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
46 CVE-2005-3741 Bypass 2005-11-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions.
47 CVE-2005-3698 Bypass 2005-11-21 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP Easy Download allows remote attackers to bypass authentication via edit.php.
48 CVE-2005-3697 Bypass 2005-11-21 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php.
49 CVE-2005-3679 Exec Code Sql Bypass 2005-11-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel.
50 CVE-2005-3647 Bypass 2005-11-17 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory.
Total number of vulnerabilities : 289   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.