CVE Daily
← All years

Uncategorized 2005

Page 1/38.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2005-12-31
High

CVE-2005-4750

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4741

NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4748

PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: t…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2005-4747

Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4746

Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-4745

SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4744

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) an…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-4743

Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4742

Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2005-4740

IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client."

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2005-4732

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description p…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4739

IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2005-4738

IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2005-4737

IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4736

IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_h…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2005-4735

IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal,…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2005-4734

Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url param…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-4733

NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2005-4749

HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP hea…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4760

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failur…

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2005-4751

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2005-4752

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privi…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2005-4769

SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. NOTE: the provenance of this inform…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4768

SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.p…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4767

BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid lo…

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2005-4766

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization m…

CVSS: 5.4CWE: N/A
Read more
High

CVE-2005-4765

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an…

CVSS: 7.6CWE: N/A
Read more
High

CVE-2005-4764

BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-4763

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an excepti…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4762

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local use…

CVSS: 7.2CWE: N/A
Read more
Low

CVE-2005-4761

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (pass…

CVSS: 1.2CWE: N/A
Read more
Critical

CVE-2005-4730

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2005-4759

BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitiv…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4758

Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown atta…

CVSS: 4.0CWE: N/A
Read more
High

CVE-2005-4757

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4756

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to ga…

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2005-4755

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2005-4754

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address trans…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4753

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attac…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4731

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Refer…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4721

Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4729

SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4707

Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4705

BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4704

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4703

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathna…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4702

SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this…

CVSS: 6.4CWE: N/A
Read more
Low

CVE-2005-4701

Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2005-4700

TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the fu…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4698

Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2005-4697

The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2005-4696

The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attacker…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2005-4695

Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4694

Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4693

Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4692

Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies.

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2005-4691

imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2005-4690

Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2005-4689

Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4688

PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2005-4706

Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the se…

CVSS: 2.1CWE: N/A
Read more
High

CVE-2005-4708

Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, inclu…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2005-4728

Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2005-4709

The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentic…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4727

Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field.

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2005-4726

MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is ne…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4725

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4724

SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4723

D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involvin…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4722

_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4771

Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) dev…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2005-4720

Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a proble…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4719

Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) th…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4718

Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client cras…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4716

Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, an…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4715

Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) p…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4714

Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4713

Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecifie…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4712

CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has dispute…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4710

Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer,"…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2005-4770

SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to execute arbitrary SQL commands via the password pa…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4781

Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3)…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4772

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensiti…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-4839

PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4835

The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a con…

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2005-4834

IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web co…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4833

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sens…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4832

SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4831

viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other att…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4830

CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type pa…

CVSS: 7.6CWE: N/A
Read more
Critical

CVE-2005-4829

VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2005-4828

Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures an…

CVSS: 6.4CWE: N/A
Read more
High

CVE-2005-4827

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpReq…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4826

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a cr…

CVSS: 6.1CWE: N/A
Read more
Medium

CVE-2005-4825

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessib…

CVSS: 5.7CWE: N/A
Read more
High

CVE-2005-4824

PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerabi…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2005-4823

Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2005-4822

SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id para…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4821

Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2)…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4820

SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4819

Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vect…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2005-4837

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by…

CVSS: 10.0CWE: CWE-16
Read more
High

CVE-2005-4841

The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not…

CVSS: 7.1CWE: N/A
Read more
High

CVE-2005-4816

Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4842

The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID,…

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2005-4686

PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4871

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFile…

CVSS: 4.3CWE: CWE-264
Read more
Low

CVE-2005-4869

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer de…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2005-4862

The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.

CVSS: 5.0CWE: CWE-255
Read more
Medium

CVE-2005-4859

mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mi…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-4858

Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters asso…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4857

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2005-4856

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain…

CVSS: 5.0CWE: CWE-19
Read more
Low

CVE-2005-4855

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types,…

CVSS: 3.5CWE: CWE-264
Read more
Medium

CVE-2005-4854

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2005-4853

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner,…

CVSS: 9.4CWE: CWE-264
Read more
Medium

CVE-2005-4852

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2005-4850

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2005-4847

Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846.

CVSS: 10.0CWE: N/A
Read more
>