CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-0417 2005-04-27 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor.
2 CVE-2005-0684 Exec Code Overflow 2005-04-25 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
3 CVE-2005-1099 Exec Code Overflow 2005-04-12 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
4 CVE-2005-1246 DoS Exec Code 2005-04-24 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
5 CVE-2005-1274 Exec Code Overflow 2005-04-26 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
6 CVE-2005-1299 Exec Code 2005-04-25 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
7 CVE-2004-1004 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
8 CVE-2004-1005 Overflow 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
9 CVE-2004-1175 Exec Code 2005-04-14 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
10 CVE-2004-1176 DoS Exec Code 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
11 CVE-2004-1342 Bypass 2005-04-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
12 CVE-2005-0129 Exec Code 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.
13 CVE-2005-0130 Exec Code 2005-04-14 2017-07-12
7.5
None Remote Low Not required Partial Partial Partial
Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.
14 CVE-2005-0206 Overflow 2005-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
15 CVE-2005-0413 89 Exec Code Sql 2005-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
16 CVE-2005-0414 Exec Code Sql 2005-04-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter.
17 CVE-2005-0416 Exec Code Overflow 2005-04-27 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
18 CVE-2005-0419 Exec Code Overflow 2005-04-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.
19 CVE-2005-0555 Exec Code Overflow Mem. Corr. 2005-04-12 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
20 CVE-2005-0562 Exec Code 2005-04-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
21 CVE-2005-0752 Exec Code 2005-04-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
22 CVE-2005-0753 Exec Code Overflow 2005-04-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
23 CVE-2005-0754 Exec Code 2005-04-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
24 CVE-2005-1029 Exec Code Sql 2005-04-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.
25 CVE-2005-1035 Overflow 2005-04-05 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact.
26 CVE-2005-1047 Exec Code 2005-04-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
27 CVE-2005-1055 2005-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
28 CVE-2005-1067 2005-04-08 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".
29 CVE-2005-1070 Exec Code Sql 2005-04-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
30 CVE-2005-1071 Exec Code Sql 2005-04-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter.
31 CVE-2005-1078 +Priv 2005-04-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
32 CVE-2005-1082 Exec Code Sql 2005-04-09 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php.
33 CVE-2005-1096 Exec Code Sql 2005-04-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
34 CVE-2005-1122 134 DoS Exec Code 2005-04-14 2020-03-26
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
35 CVE-2005-1134 Exec Code Sql 2005-04-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
36 CVE-2005-1139 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.
37 CVE-2005-1141 Exec Code Overflow 2005-04-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.
38 CVE-2005-1142 Exec Code Overflow 2005-04-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values.
39 CVE-2005-1149 Exec Code Sql 2005-04-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
40 CVE-2005-1240 Dir. Trav. 2005-04-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
41 CVE-2005-1241 Dir. Trav. 2005-04-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
42 CVE-2005-1244 Dir. Trav. 2005-04-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable."
43 CVE-2005-1283 Dir. Trav. 2005-04-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.
44 CVE-2005-1287 Exec Code Sql 2005-04-23 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
45 CVE-2005-1291 Exec Code Sql 2005-04-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
46 CVE-2005-1295 2005-04-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
47 CVE-2005-1296 Exec Code 2005-04-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
48 CVE-2005-1298 2005-04-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
49 CVE-2005-1303 2005-04-24 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
50 CVE-2005-1308 2005-04-15 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
Total number of vulnerabilities : 126   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.