CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2005

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

51 | CVE-2005-3877 | 89 | - | Exec Code Sql | 2005-11-29 | 2012-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.

52 | CVE-2005-3876 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters.

53 | CVE-2005-3875 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.

54 | CVE-2005-3874 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.

55 | CVE-2005-3873 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.

56 | CVE-2005-3872 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.

57 | CVE-2005-3871 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.

58 | CVE-2005-3870 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.

59 | CVE-2005-3869 | - | - | XSS | 2005-11-29 | 2017-07-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.

60 | CVE-2005-3868 | - | 1 | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.

61 | CVE-2005-3867 | - | - | XSS | 2005-11-29 | 2017-07-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.

62 | CVE-2005-3866 | - | - | XSS | 2005-11-29 | 2017-07-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.

63 | CVE-2005-3865 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.

64 | CVE-2005-3864 | - | - | Exec Code Sql | 2005-11-29 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2.

65 | CVE-2005-3863 | 119 | - | Exec Code Overflow | 2005-11-29 | 2018-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.

66 | CVE-2005-3862 | - | - | Exec Code Overflow | 2005-11-29 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.

67 | CVE-2005-3861 | 94 | - | Exec Code File Inclusion | 2005-11-29 | 2018-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.

68 | CVE-2005-3860 | 94 | - | Exec Code File Inclusion | 2005-11-29 | 2018-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter.

69 | CVE-2005-3859 | 94 | - | Exec Code File Inclusion | 2005-11-29 | 2018-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

70 | CVE-2005-3858 | - | - | DoS | 2005-11-27 | 2018-10-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.

71 | CVE-2005-3857 | 399 | - | DoS | 2005-11-27 | 2018-10-19 | 4.9 | None | Local | Low | Not required | None | None | Complete
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.

72 | CVE-2005-3856 | - | - | - | 2005-11-27 | 2008-09-05 | 4.0 | None | Remote | Low | ??? | Partial | None | None
The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.

73 | CVE-2005-3855 | - | - | Exec Code Sql | 2005-11-27 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.

74 | CVE-2005-3854 | - | - | XSS | 2005-11-27 | 2008-09-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

75 | CVE-2005-3853 | - | - | Exec Code Sql | 2005-11-27 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.

76 | CVE-2005-3852 | - | - | Exec Code Sql | 2005-11-27 | 2013-07-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

77 | CVE-2005-3851 | - | - | XSS | 2005-11-27 | 2011-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.

78 | CVE-2005-3850 | - | - | XSS | 2005-11-27 | 2011-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter.

79 | CVE-2005-3849 | - | - | XSS | 2005-11-27 | 2018-10-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

80 | CVE-2005-3848 | - | - | DoS | 2005-11-27 | 2018-10-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply."

81 | CVE-2005-3847 | - | - | DoS | 2005-11-27 | 2016-10-18 | 4.0 | None | Local | High | Not required | None | None | Complete
The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.

82 | CVE-2005-3846 | - | - | Exec Code Sql | 2005-11-26 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

83 | CVE-2005-3845 | 89 | - | Exec Code Sql | 2005-11-26 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patch available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue."

84 | CVE-2005-3844 | - | - | Exec Code Sql | 2005-11-26 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.

85 | CVE-2005-3843 | - | - | Exec Code Sql | 2005-11-26 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

86 | CVE-2005-3842 | - | - | Exec Code Sql | 2005-11-26 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters.

87 | CVE-2005-3841 | - | - | XSS | 2005-11-26 | 2011-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter.

88 | CVE-2005-3840 | 89 | - | Exec Code Sql | 2005-11-26 | 2011-08-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the correct identifier is CVE-2005-3240.

89 | CVE-2005-3839 | - | - | XSS | 2005-11-26 | 2011-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options.

90 | CVE-2005-3838 | - | - | Exec Code Sql | 2005-11-26 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter.

91 | CVE-2005-3837 | - | - | XSS | 2005-11-26 | 2011-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.

92 | CVE-2005-3836 | - | - | Exec Code Sql | 2005-11-26 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter.

93 | CVE-2005-3835 | 94 | - | Exec Code File Inclusion | 2005-11-26 | 2011-08-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.

94 | CVE-2005-3834 | - | - | XSS | 2005-11-26 | 2011-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.

95 | CVE-2005-3833 | - | - | Exec Code Sql | 2005-11-26 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.

96 | CVE-2005-3832 | 119 | - | Exec Code Overflow | 2005-11-26 | 2018-10-19 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial
Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

97 | CVE-2005-3831 | 119 | - | Exec Code Overflow | 2005-11-26 | 2018-10-19 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial
Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

98 | CVE-2005-3830 | - | - | Dir. Trav. | 2005-11-26 | 2011-03-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None
index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.

99 | CVE-2005-3829 | - | - | DoS | 2005-11-26 | 2011-03-08 | 7.8 | None | Remote | Low | Not required | None | None | Complete
index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.

100 | CVE-2005-3828 | - | - | Exec Code Sql | 2005-11-26 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.

Total number of vulnerabilities: 504 (page 2 of 11)