| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
601 |
CVE-2005-1060 |
|
|
DoS |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. |
|
602 |
CVE-2005-1059 |
|
|
|
2005-05-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. |
|
603 |
CVE-2005-1058 |
|
|
Bypass |
2005-05-02 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. |
|
604 |
CVE-2005-1057 |
|
|
Bypass |
2005-05-02 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." |
|
605 |
CVE-2005-1056 |
|
|
DoS |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. |
|
606 |
CVE-2005-1054 |
|
|
Exec Code File Inclusion |
2005-05-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code. |
|
607 |
CVE-2005-1053 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters. |
|
608 |
CVE-2005-1052 |
|
|
|
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. |
|
609 |
CVE-2005-1051 |
|
|
Exec Code Sql |
2005-05-02 |
2016-10-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action. |
|
610 |
CVE-2005-1050 |
|
|
+Info |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. |
|
611 |
CVE-2005-1049 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. |
|
612 |
CVE-2005-1048 |
|
|
Sql |
2005-05-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750. |
|
613 |
CVE-2005-1046 |
|
|
Exec Code Overflow |
2005-05-02 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. |
|
614 |
CVE-2005-1045 |
|
|
Exec Code |
2005-05-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark. |
|
615 |
CVE-2005-1042 |
|
|
Exec Code Overflow |
2005-05-02 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count. |
|
616 |
CVE-2005-1041 |
|
|
DoS |
2005-05-02 |
2018-10-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route. |
|
617 |
CVE-2005-1040 |
|
|
+Priv |
2005-05-02 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." |
|
618 |
CVE-2005-1039 |
|
|
|
2005-05-02 |
2008-09-05 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. |
|
619 |
CVE-2005-1038 |
|
|
|
2005-05-02 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. |
|
620 |
CVE-2005-1037 |
|
|
+Priv |
2005-05-02 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. |
|
621 |
CVE-2005-1036 |
|
|
DoS +Priv Bypass +Info |
2005-05-02 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. |
|
622 |
CVE-2005-1034 |
|
|
DoS |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. |
|
623 |
CVE-2005-1033 |
|
|
+Info |
2005-05-02 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. |
|
624 |
CVE-2005-1031 |
|
|
|
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. |
|
625 |
CVE-2005-1030 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp. |
|
626 |
CVE-2005-1028 |
200 |
|
+Info |
2005-05-02 |
2019-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. |
|
627 |
CVE-2005-1027 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. |
|
628 |
CVE-2005-1026 |
|
|
Exec Code Sql |
2005-05-02 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro). |
|
629 |
CVE-2005-1025 |
|
|
+Info |
2005-05-02 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. |
|
630 |
CVE-2005-1024 |
|
|
+Info |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. |
|
631 |
CVE-2005-1023 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. |
|
632 |
CVE-2005-1022 |
|
|
+Info |
2005-05-02 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. |
|
633 |
CVE-2005-1021 |
399 |
|
DoS |
2005-05-02 |
2017-10-11 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. |
|
634 |
CVE-2005-1020 |
287 |
|
DoS |
2005-05-02 |
2017-10-11 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. |
|
635 |
CVE-2005-1019 |
|
|
Overflow +Priv |
2005-05-02 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable. |
|
636 |
CVE-2005-1018 |
|
|
DoS Exec Code Overflow |
2005-05-02 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field. |
|
637 |
CVE-2005-1017 |
89 |
|
Exec Code Sql |
2005-05-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. |
|
638 |
CVE-2005-1016 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL. |
|
639 |
CVE-2005-1015 |
|
|
Exec Code Overflow |
2005-05-02 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command. |
|
640 |
CVE-2005-1014 |
|
|
Exec Code Overflow |
2005-05-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command. |
|
641 |
CVE-2005-1013 |
|
|
DoS |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string. |
|
642 |
CVE-2005-1012 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description. |
|
643 |
CVE-2005-1011 |
|
|
Exec Code Sql |
2005-05-02 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter. |
|
644 |
CVE-2005-1010 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username. |
|
645 |
CVE-2005-1009 |
|
|
Exec Code Overflow |
2005-05-02 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file. |
|
646 |
CVE-2005-1008 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag. |
|
647 |
CVE-2005-1007 |
|
|
DoS |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages. |
|
648 |
CVE-2005-1006 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. |
|
649 |
CVE-2005-1005 |
|
|
+Priv Bypass |
2005-05-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter. |
|
650 |
CVE-2005-1004 |
|
|
XSS |
2005-05-02 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter. |
