CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2005(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4875 200 +Info 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
2 CVE-2005-4868 200 DoS +Info 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain senstitive information, such as cleartext passwords, and cause a denial of service.
3 CVE-2005-4862 255 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
4 CVE-2005-4856 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
5 CVE-2005-4854 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.
6 CVE-2005-4849 200 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
7 CVE-2005-4839 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates.
8 CVE-2005-4836 200 +Info 2005-12-31 2012-02-09
7.8
None Remote Low Not required Complete None None
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
9 CVE-2005-4834 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container.
10 CVE-2005-4833 +Info 2005-12-31 2008-11-13
4.3
None Remote Medium Not required Partial None None
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.
11 CVE-2005-4787 Exec Code +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
** DISPUTED ** Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue."
12 CVE-2005-4754 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
13 CVE-2005-4726 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain.
14 CVE-2005-4722 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message.
15 CVE-2005-4703 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
16 CVE-2005-4701 +Info 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.
17 CVE-2005-4700 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.
18 CVE-2005-4699 +Info 2005-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.
19 CVE-2005-4686 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.
20 CVE-2005-4657 Bypass +Info 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
21 CVE-2005-4626 +Info 2005-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request.
22 CVE-2005-4609 +Info 2005-12-31 2008-09-20
5.0
None Remote Low Not required Partial None None
index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter.
23 CVE-2005-4575 +Info 2005-12-29 2008-09-20
5.0
None Remote Low Not required Partial None None
PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.
24 CVE-2005-4524 +Info 2005-12-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
25 CVE-2005-4523 +Info 2005-12-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
26 CVE-2005-4463 +Info 2005-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.
27 CVE-2005-4452 +Info 2005-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
28 CVE-2005-4371 +Info 2005-12-19 2008-09-05
5.0
None Remote Low Not required Partial None None
Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.
29 CVE-2005-4320 200 +Info 2005-12-17 2011-10-07
5.0
None Remote Low Not required Partial None None
Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message.
30 CVE-2005-4304 +Info 2005-12-16 2008-09-20
5.0
None Remote Low Not required Partial None None
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments.
31 CVE-2005-4249 +Info 2005-12-15 2008-09-05
5.0
None Remote Low Not required Partial None None
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.
32 CVE-2005-4219 +Info 2005-12-14 2008-09-05
5.0
None Remote Low Not required Partial None None
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processsed before content is returned to the user, so this might not be a vulnerability.
33 CVE-2005-4214 200 +Info 2005-12-14 2011-08-10
5.0
None Remote Low Not required Partial None None
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
34 CVE-2005-4173 +Info 2005-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
35 CVE-2005-4172 +Info 2005-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message.
36 CVE-2005-4149 +Info 2005-12-10 2008-09-05
5.0
None Remote Low Not required Partial None None
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
37 CVE-2005-4148 +Info 2005-12-10 2008-09-05
5.0
None Remote Low Not required Partial None None
Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.
38 CVE-2005-4146 +Info 2005-12-10 2008-09-05
5.0
None Remote Low Not required Partial None None
Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information.
39 CVE-2005-4089 264 XSS Bypass +Info 2005-12-08 2011-09-27
7.1
None Remote Medium Not required Complete None None
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
40 CVE-2005-4033 +Info 2005-12-06 2008-09-05
5.0
None Remote Low Not required Partial None None
Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information.
41 CVE-2005-4026 +Info 2005-12-05 2008-09-20
5.0
None Remote Low Not required Partial None None
search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.
42 CVE-2005-4021 +Info 2005-12-05 2008-09-05
5.0
None Remote Low Not required Partial None None
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
43 CVE-2005-4013 +Info 2005-12-05 2008-09-05
5.0
None Remote Low Not required Partial None None
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file.
44 CVE-2005-4005 Exec Code Sql +Info 2005-12-04 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
45 CVE-2005-3997 +Info 2005-12-04 2008-09-05
2.6
None Remote High Not required Partial None None
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.
46 CVE-2005-3979 +Info 2005-12-03 2008-09-05
5.0
None Remote Low Not required Partial None None
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta does not remove is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
47 CVE-2005-3923 +Info 2005-11-30 2008-09-05
5.0
None Remote Low Not required Partial None None
NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site.
48 CVE-2005-3804 DoS +Info 2005-11-24 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
49 CVE-2005-3803 +Info 2005-11-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.
50 CVE-2005-3800 +Info 2005-11-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information.
Total number of vulnerabilities : 260   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.