# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2005-1934 |
|
|
DoS |
2005-05-19 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. |
2 |
CVE-2005-1907 |
|
|
DoS |
2005-05-31 |
2018-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic. |
3 |
CVE-2005-1833 |
|
|
Exec Code Sql |
2005-05-31 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php. |
4 |
CVE-2005-1831 |
|
|
+Priv |
2005-05-31 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty." |
5 |
CVE-2005-1830 |
|
|
DoS |
2005-05-29 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service (application crash) via an invalid Debug Message pointer. |
6 |
CVE-2005-1829 |
|
|
DoS |
2005-05-28 |
2021-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other. |
7 |
CVE-2005-1828 |
|
|
+Info |
2005-05-26 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. |
8 |
CVE-2005-1827 |
|
|
+Priv Bypass |
2005-05-26 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. |
9 |
CVE-2005-1826 |
|
|
Exec Code Overflow |
2005-05-03 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension. |
10 |
CVE-2005-1825 |
|
|
Exec Code Overflow |
2005-05-03 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process. |
11 |
CVE-2005-1808 |
|
|
DoS |
2005-05-30 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception. |
12 |
CVE-2005-1807 |
|
|
DoS |
2005-05-28 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. |
13 |
CVE-2005-1806 |
|
|
Exec Code |
2005-05-28 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL. |
14 |
CVE-2005-1805 |
|
|
Exec Code Sql |
2005-05-28 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password. |
15 |
CVE-2005-1804 |
|
|
Exec Code Sql |
2005-05-29 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php. |
16 |
CVE-2005-1802 |
|
|
DoS |
2005-05-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. |
17 |
CVE-2005-1798 |
|
|
Dir. Trav. |
2005-05-29 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. |
18 |
CVE-2005-1797 |
|
|
|
2005-05-26 |
2008-09-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. |
19 |
CVE-2005-1796 |
|
|
Exec Code |
2005-05-31 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. |
20 |
CVE-2005-1795 |
20 |
|
Exec Code |
2005-05-27 |
2016-05-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. |
21 |
CVE-2005-1789 |
|
|
Exec Code Sql |
2005-05-29 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password. |
22 |
CVE-2005-1787 |
20 |
|
+Priv Bypass |
2005-05-27 |
2016-11-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable. |
23 |
CVE-2005-1786 |
|
|
Exec Code +Priv Sql |
2005-05-25 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter. |
24 |
CVE-2005-1785 |
|
|
Exec Code Sql |
2005-05-31 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
25 |
CVE-2005-1784 |
|
|
+Priv |
2005-05-27 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp. |
26 |
CVE-2005-1783 |
|
|
|
2005-05-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE. |
27 |
CVE-2005-1781 |
|
|
DoS |
2005-05-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). |
28 |
CVE-2005-1780 |
|
|
Exec Code Sql |
2005-05-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. |
29 |
CVE-2005-1779 |
|
|
Exec Code Sql |
2005-05-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter. |
30 |
CVE-2005-1777 |
|
|
Exec Code Sql |
2005-05-31 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. |
31 |
CVE-2005-1776 |
|
|
Exec Code Overflow |
2005-05-31 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string. |
32 |
CVE-2005-1775 |
119 |
|
DoS Overflow |
2005-05-31 |
2016-11-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a large nickname. |
33 |
CVE-2005-1773 |
|
|
DoS Exec Code |
2005-05-31 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. |
34 |
CVE-2005-1772 |
|
|
DoS Overflow |
2005-05-31 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a long client cd-key hash value, a different vulnerability than CVE-2005-1556. |
35 |
CVE-2005-1771 |
|
|
|
2005-05-31 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t. |
36 |
CVE-2005-1770 |
119 |
|
DoS Exec Code Overflow |
2005-05-31 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 and possibly other versions allows local users to cause a denial of service (system crash) and possibly execute arbitrary code via certain signals combined with crafted input. |
37 |
CVE-2005-1750 |
|
|
Exec Code Sql |
2005-05-25 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
38 |
CVE-2005-1749 |
|
|
DoS Overflow |
2005-05-24 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). |
39 |
CVE-2005-1748 |
|
|
DoS |
2005-05-24 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service. |
40 |
CVE-2005-1747 |
|
|
+Priv XSS |
2005-05-24 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password. |
41 |
CVE-2005-1746 |
|
|
DoS |
2005-05-24 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. |
42 |
CVE-2005-1744 |
|
|
|
2005-05-24 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. |
43 |
CVE-2005-1743 |
|
|
|
2005-05-24 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions. |
44 |
CVE-2005-1742 |
|
|
|
2005-05-24 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." |
45 |
CVE-2005-1741 |
|
|
DoS |
2005-05-24 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data. |
46 |
CVE-2005-1740 |
|
|
Exec Code |
2005-05-24 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. |
47 |
CVE-2005-1739 |
|
|
DoS |
2005-05-24 |
2018-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. |
48 |
CVE-2005-1738 |
|
|
Exec Code |
2005-05-24 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. |
49 |
CVE-2005-1737 |
|
|
|
2005-05-24 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. |
50 |
CVE-2005-1736 |
|
|
|
2005-05-24 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. |