CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2005 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-1317 XSS 2005-04-25 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
2 CVE-2005-1312 Exec Code File Inclusion 2005-04-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.
3 CVE-2005-1310 Exec Code Sql 2005-04-23 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
4 CVE-2005-1308 2005-04-15 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
5 CVE-2005-1303 2005-04-24 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
6 CVE-2005-1300 XSS 2005-04-25 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
7 CVE-2005-1299 Exec Code 2005-04-25 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
8 CVE-2005-1298 2005-04-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
9 CVE-2005-1297 XSS 2005-04-25 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
10 CVE-2005-1296 Exec Code 2005-04-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
11 CVE-2005-1295 2005-04-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
12 CVE-2005-1294 +Priv 2005-04-24 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
13 CVE-2005-1291 Exec Code Sql 2005-04-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
14 CVE-2005-1287 Exec Code Sql 2005-04-23 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
15 CVE-2005-1285 XSS 2005-04-22 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
16 CVE-2005-1283 Dir. Trav. 2005-04-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.
17 CVE-2005-1274 Exec Code Overflow 2005-04-26 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
18 CVE-2005-1246 DoS Exec Code 2005-04-24 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
19 CVE-2005-1244 Dir. Trav. 2005-04-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable."
20 CVE-2005-1241 Dir. Trav. 2005-04-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
21 CVE-2005-1240 Dir. Trav. 2005-04-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
22 CVE-2005-1149 Exec Code Sql 2005-04-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
23 CVE-2005-1142 Exec Code Overflow 2005-04-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values.
24 CVE-2005-1141 Exec Code Overflow 2005-04-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.
25 CVE-2005-1139 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.
26 CVE-2005-1134 Exec Code Sql 2005-04-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
27 CVE-2005-1122 134 DoS Exec Code 2005-04-14 2020-03-26
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
28 CVE-2005-1107 +Priv 2005-04-18 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files.
29 CVE-2005-1099 Exec Code Overflow 2005-04-12 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
30 CVE-2005-1096 Exec Code Sql 2005-04-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
31 CVE-2005-1087 2005-04-07 2017-07-11
6.4
None Remote Low Not required Partial Partial None
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
32 CVE-2005-1082 Exec Code Sql 2005-04-09 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php.
33 CVE-2005-1078 +Priv 2005-04-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
34 CVE-2005-1071 Exec Code Sql 2005-04-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter.
35 CVE-2005-1070 Exec Code Sql 2005-04-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
36 CVE-2005-1067 2005-04-08 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".
37 CVE-2005-1055 2005-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
38 CVE-2005-1047 Exec Code 2005-04-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
39 CVE-2005-1035 Overflow 2005-04-05 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact.
40 CVE-2005-1029 Exec Code Sql 2005-04-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.
41 CVE-2005-0754 Exec Code 2005-04-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
42 CVE-2005-0753 Exec Code Overflow 2005-04-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
43 CVE-2005-0752 Exec Code 2005-04-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
44 CVE-2005-0749 DoS 2005-04-01 2018-10-03
7.2
None Local Low Not required Complete Complete Complete
The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
45 CVE-2005-0684 Exec Code Overflow 2005-04-25 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
46 CVE-2005-0610 Exec Code 2005-04-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.
47 CVE-2005-0562 Exec Code 2005-04-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
48 CVE-2005-0555 Exec Code Overflow Mem. Corr. 2005-04-12 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
49 CVE-2005-0419 Exec Code Overflow 2005-04-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.
50 CVE-2005-0417 2005-04-27 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor.
Total number of vulnerabilities : 66   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.