CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2005-0715 2005-03-21 2008-09-05
2.1
None Local Low Not required Partial None None
AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.
52 CVE-2005-0713 +Priv Bypass 2005-03-21 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
53 CVE-2005-0703 2005-03-07 2008-09-05
5.0
None Remote Low Not required None Partial None
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
54 CVE-2005-0702 Sql 2005-03-07 2008-09-05
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
55 CVE-2005-0701 Dir. Trav. 2005-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.
56 CVE-2005-0700 2005-03-07 2008-09-05
5.0
None Remote Low Not required Partial None None
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
57 CVE-2005-0699 Exec Code Overflow 2005-03-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
58 CVE-2005-0698 Exec Code File Inclusion 2005-03-07 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code.
59 CVE-2005-0697 Exec Code Sql 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.
60 CVE-2005-0696 Exec Code Overflow 2005-03-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
61 CVE-2005-0695 2005-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.
62 CVE-2005-0694 +Info 2005-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
63 CVE-2005-0693 DoS Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname.
64 CVE-2005-0692 XSS 2005-03-06 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
65 CVE-2005-0691 Exec Code File Inclusion 2005-03-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
66 CVE-2005-0690 +Priv 2005-03-07 2016-10-18
2.1
None Local Low Not required None Partial None
Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command.
67 CVE-2005-0689 Exec Code 2005-03-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
68 CVE-2005-0688 DoS 2005-03-05 2018-10-19
5.0
None Remote Low Not required None None Partial
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
69 CVE-2005-0687 DoS Exec Code 2005-03-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.
70 CVE-2005-0686 Exec Code Overflow 2005-03-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.
71 CVE-2005-0685 2005-03-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
72 CVE-2005-0681 DoS 2005-03-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
73 CVE-2005-0680 Exec Code File Inclusion 2005-03-07 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
74 CVE-2005-0674 XSS 2005-03-03 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
75 CVE-2005-0671 Exec Code 2005-03-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command.
76 CVE-2005-0668 2005-03-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files.
77 CVE-2005-0667 Exec Code Overflow 2005-03-07 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
78 CVE-2005-0641 XSS 2005-03-02 2021-04-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
79 CVE-2005-0640 2005-03-02 2021-04-12
4.6
None Local Low Not required Partial Partial Partial
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
80 CVE-2005-0639 Exec Code Overflow 2005-03-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
81 CVE-2005-0638 Exec Code 2005-03-02 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
82 CVE-2005-0636 DoS Exec Code 2005-03-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command.
83 CVE-2005-0633 Exec Code Overflow 2005-03-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
84 CVE-2005-0632 Exec Code File Inclusion 2005-03-01 2016-10-18
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter.
85 CVE-2005-0631 2005-03-01 2017-07-11
2.1
None Local Low Not required None None Partial
delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.
86 CVE-2005-0630 2005-03-01 2017-07-11
2.1
None Local Low Not required Partial None None
sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.
87 CVE-2005-0629 XSS 2005-03-01 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
88 CVE-2005-0628 XSS 2005-03-01 2016-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.
89 CVE-2005-0626 2005-03-08 2018-10-03
2.6
None Remote High Not required Partial None None
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
90 CVE-2005-0623 Exec Code Overflow 2005-03-01 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL.
91 CVE-2005-0622 2005-03-01 2016-10-18
5.0
None Remote Low Not required Partial None None
RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space.
92 CVE-2005-0620 2005-03-02 2008-09-05
2.1
None Local Low Not required Partial None None
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
93 CVE-2005-0605 Exec Code Overflow 2005-03-02 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
94 CVE-2005-0593 2005-03-04 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
95 CVE-2005-0592 DoS Exec Code Overflow 2005-03-25 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
96 CVE-2005-0587 2005-03-25 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
97 CVE-2005-0585 2005-03-25 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
98 CVE-2005-0548 XSS 2005-03-07 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.
99 CVE-2005-0510 DoS 2005-03-14 2008-09-05
2.1
None Local Low Not required None None Partial
The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty.
100 CVE-2005-0509 XSS 2005-03-14 2016-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Total number of vulnerabilities : 164   Page : 1 2 (This Page)3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.