CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2005 (CVSS score >= 5)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2005-0957 Bypass 2005-03-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt.
2 CVE-2005-0950 Dir. Trav. 2005-03-29 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL.
3 CVE-2005-0946 Exec Code Sql 2005-03-29 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
4 CVE-2005-0943 DoS 2005-03-30 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
5 CVE-2005-0931 Exec Code File Inclusion 2005-03-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code.
6 CVE-2005-0912 2005-03-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
7 CVE-2005-0911 Exec Code Sql 2005-03-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
8 CVE-2005-0900 +Info 2005-03-26 2016-10-18
5.0
None Remote Low Not required Partial None None
marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message.
9 CVE-2005-0892 Exec Code Overflow 2005-03-28 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
10 CVE-2005-0887 Exec Code 2005-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
11 CVE-2005-0799 DoS 2005-03-15 2019-12-17
5.0
None Remote Low Not required None None Partial
MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.
12 CVE-2005-0798 2005-03-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.
13 CVE-2005-0797 200 +Info 2005-03-15 2016-10-18
5.0
None Remote Low Not required Partial None None
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
14 CVE-2005-0795 2005-03-14 2017-07-11
5.0
None Remote Low Not required None Partial None
HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.
15 CVE-2005-0794 DoS 2005-03-15 2017-07-11
6.4
None Remote Low Not required None Partial Partial
ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php.
16 CVE-2005-0793 Exec Code File Inclusion 2005-03-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.
17 CVE-2005-0792 Exec Code Sql 2005-03-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php.
18 CVE-2005-0790 +Info 2005-03-14 2017-07-11
5.0
None Remote Low Not required Partial None None
phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message.
19 CVE-2005-0789 Dir. Trav. 2005-03-14 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request.
20 CVE-2005-0788 2005-03-14 2017-07-11
5.0
None Remote Low Not required Partial None None
LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.
21 CVE-2005-0786 Exec Code Sql 2005-03-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php.
22 CVE-2005-0780 +Info 2005-03-12 2016-10-18
5.0
None Remote Low Not required Partial None None
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
23 CVE-2005-0774 Exec Code Sql 2005-03-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter.
24 CVE-2005-0767 Exec Code 2005-03-15 2018-10-03
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root.
25 CVE-2005-0765 DoS 2005-03-12 2017-10-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
26 CVE-2005-0761 DoS 2005-03-23 2017-10-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
27 CVE-2005-0759 DoS 2005-03-23 2017-10-11
5.0
None Remote Low Not required None None Partial
ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
28 CVE-2005-0750 +Priv 2005-03-27 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
29 CVE-2005-0748 94 Exec Code File Inclusion 2005-03-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
30 CVE-2005-0747 +Info 2005-03-08 2008-09-05
5.0
None Remote Low Not required Partial None None
ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp.
31 CVE-2005-0731 DoS 2005-03-10 2017-07-11
5.0
None Remote Low Not required None None Partial
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html.
32 CVE-2005-0725 Exec Code Sql 2005-03-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
33 CVE-2005-0722 2005-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message.
34 CVE-2005-0720 94 Exec Code File Inclusion 2005-03-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
35 CVE-2005-0716 Exec Code Overflow 2005-03-21 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
36 CVE-2005-0703 2005-03-07 2008-09-05
5.0
None Remote Low Not required None Partial None
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
37 CVE-2005-0702 Sql 2005-03-07 2008-09-05
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
38 CVE-2005-0701 Dir. Trav. 2005-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.
39 CVE-2005-0700 2005-03-07 2008-09-05
5.0
None Remote Low Not required Partial None None
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
40 CVE-2005-0699 Exec Code Overflow 2005-03-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
41 CVE-2005-0697 Exec Code Sql 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the process_picture function in xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.
42 CVE-2005-0696 Exec Code Overflow 2005-03-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
43 CVE-2005-0695 2005-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.
44 CVE-2005-0694 +Info 2005-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
45 CVE-2005-0693 DoS Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname.
46 CVE-2005-0691 Exec Code File Inclusion 2005-03-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
47 CVE-2005-0689 Exec Code 2005-03-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
48 CVE-2005-0688 DoS 2005-03-05 2018-10-19
5.0
None Remote Low Not required None None Partial
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
49 CVE-2005-0687 DoS Exec Code 2005-03-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.
50 CVE-2005-0686 Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.
Total number of vulnerabilities: 114. Page: 1 (this page) of 3.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.