CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2005

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2005-1850 2005-07-19 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.
2 CVE-2005-1851 Exec Code 2005-07-19 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors.
3 CVE-2005-2149 +Priv Sql 2005-07-06 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
4 CVE-2005-2222 2005-07-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
5 CVE-2005-2247 2005-07-12 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
6 CVE-2005-2249 File Inclusion 2005-07-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
7 CVE-2005-2257 +Priv 2005-07-13 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
8 CVE-2005-2259 Exec Code 2005-07-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
9 CVE-2005-2277 Exec Code 2005-07-15 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
10 CVE-2005-2286 +Priv 2005-07-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
11 CVE-2005-2290 Exec Code 2005-07-18 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
12 CVE-2005-2334 Exec Code 2005-07-20 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi.
13 CVE-2005-2310 119 Exec Code Overflow 2005-07-19 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
14 CVE-2005-2368 78 Exec Code 2005-07-26 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
15 CVE-2005-0564 Exec Code Overflow 2005-07-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
16 CVE-2005-1175 DoS Exec Code Overflow 2005-07-18 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
17 CVE-2005-1219 Exec Code Overflow 2005-07-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
18 CVE-2005-1689 119 Exec Code Overflow 2005-07-18 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
19 CVE-2005-1852 189 DoS Exec Code Overflow 2005-07-26 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
20 CVE-2005-1921 Exec Code 2005-07-05 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
21 CVE-2005-2086 Exec Code File Inclusion 2005-07-05 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
22 CVE-2005-2096 DoS Overflow 2005-07-06 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
23 CVE-2005-2105 Bypass 2005-07-05 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
24 CVE-2005-2108 Exec Code Sql 2005-07-05 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
25 CVE-2005-2111 Exec Code 2005-07-05 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
26 CVE-2005-2113 Exec Code Sql Bypass 2005-07-05 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
27 CVE-2005-2135 Exec Code Sql 2005-07-05 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters.
28 CVE-2005-2148 Exec Code 2005-07-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.
29 CVE-2005-2152 Exec Code Sql 2005-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
30 CVE-2005-2153 Exec Code Sql 2005-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable.
31 CVE-2005-2154 File Inclusion 2005-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.
32 CVE-2005-2155 Exec Code File Inclusion 2005-07-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.
33 CVE-2005-2156 Exec Code Sql 2005-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter.
34 CVE-2005-2158 2005-07-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary commands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.
35 CVE-2005-2164 Exec Code Sql 2005-07-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
36 CVE-2005-2165 Exec Code 2005-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters.
37 CVE-2005-2178 Exec Code 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. NOTE: it is unclear which product or vendor this program is associated with, if any.
38 CVE-2005-2183 Bypass 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access.
39 CVE-2005-2184 Exec Code 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.
40 CVE-2005-2185 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
41 CVE-2005-2188 +Priv 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.
42 CVE-2005-2190 Exec Code Sql 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp.
43 CVE-2005-2193 Sql 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped.
44 CVE-2005-2197 Sql 2005-07-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.
45 CVE-2005-2198 Exec Code File Inclusion 2005-07-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.
46 CVE-2005-2199 Exec Code File Inclusion 2005-07-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
47 CVE-2005-2200 Bypass 2005-07-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.
48 CVE-2005-2203 Bypass 2005-07-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php.
49 CVE-2005-2205 Exec Code 2005-07-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
50 CVE-2005-2206 Sql 2005-07-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp.
Total number of vulnerabilities: 289 (page 1 of 6)