CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-0989 Exec Code Overflow 2005-03-01 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
2 CVE-2004-0990 DoS Exec Code Overflow 2005-03-01 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
3 CVE-2004-0992 Exec Code 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer.
4 CVE-2004-1006 Exec Code 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
5 CVE-2004-1010 Exec Code Overflow 2005-03-01 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
6 CVE-2004-1034 DoS Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
7 CVE-2004-1037 Exec Code 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
8 CVE-2004-1052 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
9 CVE-2004-1053 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.
10 CVE-2005-0636 DoS Exec Code 2005-03-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command.
11 CVE-2005-0892 Exec Code Overflow 2005-03-28 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
12 CVE-2004-1029 264 Exec Code 2005-03-01 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
13 CVE-2005-0177 119 DoS Overflow 2005-03-07 2017-10-11
7.8
None Remote Low Not required None None Complete
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
14 CVE-2004-0986 2005-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
15 CVE-2004-1021 2005-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.
16 CVE-2005-0484 Exec Code 2005-03-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
17 CVE-2005-0505 2005-03-14 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins.
18 CVE-2005-0592 DoS Exec Code Overflow 2005-03-25 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
19 CVE-2005-0605 Exec Code Overflow 2005-03-02 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
20 CVE-2005-0623 Exec Code Overflow 2005-03-01 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL.
21 CVE-2005-0633 Exec Code Overflow 2005-03-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
22 CVE-2005-0638 Exec Code 2005-03-02 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
23 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
24 CVE-2005-0668 2005-03-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files.
25 CVE-2005-0671 Exec Code 2005-03-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command.
26 CVE-2005-0680 Exec Code File Inclusion 2005-03-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
27 CVE-2005-0685 2005-03-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
28 CVE-2005-0686 Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.
29 CVE-2005-0687 DoS Exec Code 2005-03-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.
30 CVE-2005-0689 Exec Code 2005-03-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
31 CVE-2005-0691 Exec Code File Inclusion 2005-03-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
32 CVE-2005-0693 DoS Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname.
33 CVE-2005-0696 Exec Code Overflow 2005-03-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
34 CVE-2005-0697 Exec Code Sql 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.
35 CVE-2005-0699 Exec Code Overflow 2005-03-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
36 CVE-2005-0720 94 Exec Code File Inclusion 2005-03-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
37 CVE-2005-0725 Exec Code Sql 2005-03-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
38 CVE-2005-0748 94 Exec Code File Inclusion 2005-03-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
39 CVE-2005-0774 Exec Code Sql 2005-03-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter.
40 CVE-2005-0786 Exec Code Sql 2005-03-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php.
41 CVE-2005-0792 Exec Code Sql 2005-03-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php.
42 CVE-2005-0793 Exec Code File Inclusion 2005-03-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.
43 CVE-2005-0798 2005-03-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.
44 CVE-2005-0887 Exec Code 2005-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
45 CVE-2005-0911 Exec Code Sql 2005-03-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
46 CVE-2005-0912 2005-03-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
47 CVE-2005-0931 Exec Code File Inclusion 2005-03-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code.
48 CVE-2005-0946 Exec Code Sql 2005-03-29 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
49 CVE-2005-0957 Bypass 2005-03-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt.
50 CVE-2004-1031 Bypass 2005-03-01 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
Total number of vulnerabilities : 164   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.