CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2005 (Gain Privilege)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2005-4860 | | | +Priv | 2005-12-31 | 2008-09-05 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
2 | CVE-2005-4795 | | | +Priv | 2005-12-31 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors.
3 | CVE-2005-4776 | | | DoS Overflow +Priv | 2005-12-31 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.
4 | CVE-2005-4762 | | | +Priv | 2005-12-31 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
5 | CVE-2005-4756 | | | +Priv | 2005-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
6 | CVE-2005-4752 | | | +Priv | 2005-12-31 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
7 | CVE-2005-4751 | | | +Priv XSS | 2005-12-31 | 2008-09-05 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.
8 | CVE-2005-4741 | | | +Priv | 2005-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
9 | CVE-2005-4738 | | | +Priv | 2005-12-31 | 2008-09-05 | 6.5 | User | Remote | Low | Single system | Partial | Partial | Partial
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.
10 | CVE-2005-4728 | | | +Priv | 2005-12-31 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory.
11 | CVE-2005-4704 | | | +Priv | 2005-12-31 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
12 | CVE-2005-4660 | | | +Priv | 2005-12-31 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | Partial | None
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup.
13 | CVE-2005-4659 | | | +Priv | 2005-12-31 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.
14 | CVE-2005-4552 | | | +Priv | 2005-12-28 | 2013-08-22 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.
15 | CVE-2005-4506 | | | +Priv | 2005-12-22 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges.
16 | CVE-2005-4505 | | | +Priv | 2005-12-22 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
17 | CVE-2005-4499 | | | +Priv | 2005-12-22 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
18 | CVE-2005-4458 | | | +Priv | 2005-12-21 | 2008-09-05 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
19 | CVE-2005-4453 | | | +Priv | 2005-12-21 | 2008-09-05 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.
20 | CVE-2005-4448 | | | +Priv | 2005-12-21 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
21 | CVE-2005-4443 | | | +Priv | 2005-12-20 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
22 | CVE-2005-4442 | | | +Priv | 2005-12-20 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
23 | CVE-2005-4345 | | | +Priv | 2005-12-18 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
24 | CVE-2005-4338 | | | +Priv | 2005-12-18 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
25 | CVE-2005-4337 | | | +Priv Bypass | 2005-12-18 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
26 | CVE-2005-4280 | | | +Priv | 2005-12-16 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
27 | CVE-2005-4279 | | | +Priv | 2005-12-16 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
28 | CVE-2005-4278 | | | +Priv | 2005-12-16 | 2013-10-23 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
29 | CVE-2005-4217 | 264 | | +Priv | 2005-12-14 | 2011-08-23 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
30 | CVE-2005-4069 | | | +Priv | 2005-12-07 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe.
31 | CVE-2005-4025 | | | +Priv | 2005-12-05 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user.
32 | CVE-2005-3886 | | | +Priv Bypass | 2005-11-29 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
33 | CVE-2005-3784 | 399 | | DoS +Priv | 2005-11-23 | 2012-03-19 | 4.9 | None | Local | Low | Not required | None | None | Complete
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges.
34 | CVE-2005-3779 | | | +Priv | 2005-11-22 | 2011-05-19 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
35 | CVE-2005-3701 | | | +Priv | 2005-11-30 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
36 | CVE-2005-3663 | | | +Priv | 2005-11-18 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
37 | CVE-2005-3629 | | | +Priv | 2005-12-31 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors.
38 | CVE-2005-3620 | | | +Priv | 2005-12-31 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
39 | CVE-2005-3588 | | | Exec Code +Priv Sql | 2005-11-16 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field.
40 | CVE-2005-3546 | | | +Priv | 2005-11-16 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege.
41 | CVE-2005-3538 | | | +Priv | 2005-12-31 | 2010-04-02 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.
42 | CVE-2005-3507 | | | Exec Code +Priv Dir. Trav. | 2005-11-06 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
43 | CVE-2005-3503 | | | +Priv | 2005-11-05 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.
44 | CVE-2005-3434 | | | +Priv +Info | 2005-11-02 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.
45 | CVE-2005-3360 | | | DoS +Priv | 2005-12-14 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files.
46 | CVE-2005-3345 | | | +Priv Bypass | 2005-12-28 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
47 | CVE-2005-3316 | | | +Priv | 2005-10-27 | 2013-07-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.
48 | CVE-2005-3291 | | | +Priv | 2005-10-23 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.
49 | CVE-2005-3280 | | | +Priv | 2005-10-23 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.
50 | CVE-2005-3279 | | | Overflow +Priv | 2005-10-23 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option.
Total number of vulnerabilities: 221. Page: 1 (this page) of 5.