CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2005 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-0957 Bypass 2005-03-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt.
2 CVE-2005-0946 Exec Code Sql 2005-03-29 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
3 CVE-2005-0931 Exec Code File Inclusion 2005-03-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code.
4 CVE-2005-0912 2005-03-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
5 CVE-2005-0911 Exec Code Sql 2005-03-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
6 CVE-2005-0892 Exec Code Overflow 2005-03-28 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
7 CVE-2005-0887 Exec Code 2005-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
8 CVE-2005-0798 2005-03-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.
9 CVE-2005-0794 DoS 2005-03-15 2017-07-11
6.4
None Remote Low Not required None Partial Partial
ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php.
10 CVE-2005-0793 Exec Code File Inclusion 2005-03-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.
11 CVE-2005-0792 Exec Code Sql 2005-03-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php.
12 CVE-2005-0786 Exec Code Sql 2005-03-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php.
13 CVE-2005-0774 Exec Code Sql 2005-03-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter.
14 CVE-2005-0767 Exec Code 2005-03-15 2018-10-03
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root.
15 CVE-2005-0750 +Priv 2005-03-27 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
16 CVE-2005-0748 94 Exec Code File Inclusion 2005-03-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
17 CVE-2005-0725 Exec Code Sql 2005-03-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
18 CVE-2005-0720 94 Exec Code File Inclusion 2005-03-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
19 CVE-2005-0716 Exec Code Overflow 2005-03-21 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
20 CVE-2005-0699 Exec Code Overflow 2005-03-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
21 CVE-2005-0697 Exec Code Sql 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.
22 CVE-2005-0696 Exec Code Overflow 2005-03-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
23 CVE-2005-0693 DoS Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname.
24 CVE-2005-0691 Exec Code File Inclusion 2005-03-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
25 CVE-2005-0689 Exec Code 2005-03-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
26 CVE-2005-0687 DoS Exec Code 2005-03-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.
27 CVE-2005-0686 Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.
28 CVE-2005-0685 2005-03-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
29 CVE-2005-0680 Exec Code File Inclusion 2005-03-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
30 CVE-2005-0671 Exec Code 2005-03-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command.
31 CVE-2005-0668 2005-03-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files.
32 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
33 CVE-2005-0638 Exec Code 2005-03-02 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
34 CVE-2005-0636 DoS Exec Code 2005-03-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command.
35 CVE-2005-0633 Exec Code Overflow 2005-03-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
36 CVE-2005-0623 Exec Code Overflow 2005-03-01 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL.
37 CVE-2005-0605 Exec Code Overflow 2005-03-02 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
38 CVE-2005-0592 DoS Exec Code Overflow 2005-03-25 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
39 CVE-2005-0505 2005-03-14 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins.
40 CVE-2005-0487 XSS 2005-03-30 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter.
41 CVE-2005-0485 79 XSS 2005-03-30 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.
42 CVE-2005-0484 Exec Code 2005-03-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
43 CVE-2005-0475 Exec Code Sql 2005-03-30 2017-07-11
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
44 CVE-2005-0474 Exec Code Sql 2005-03-30 2017-07-11
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
45 CVE-2005-0352 +Priv 2005-03-16 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges.
46 CVE-2005-0259 2005-03-14 2008-09-10
6.4
None Remote Low Not required Partial Partial None
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
47 CVE-2005-0178 DoS 2005-03-07 2017-10-11
6.2
None Local High Not required Complete Complete Complete
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
48 CVE-2005-0177 119 DoS Overflow 2005-03-07 2017-10-11
7.8
None Remote Low Not required None None Complete
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
49 CVE-2004-1055 XSS 2005-03-01 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
50 CVE-2004-1053 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.
Total number of vulnerabilities : 66   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.