CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2005

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2005-2322 XSS 2005-07-19 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php.
52 CVE-2005-2321 Exec Code File Inclusion 2005-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php.
53 CVE-2005-2320 +Priv 2005-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
54 CVE-2005-2319 2005-07-19 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter.
55 CVE-2005-2318 XSS 2005-07-19 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
56 CVE-2005-2317 Bypass 2005-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies.
57 CVE-2005-2314 Bypass 2005-07-19 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response.
58 CVE-2005-2313 +Priv 2005-07-19 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials and gain privileges via unknown attack vectors.
59 CVE-2005-2312 2005-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter.
60 CVE-2005-2311 2005-07-19 2008-09-05
2.1
None Local Low Not required None Partial None
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
61 CVE-2005-2310 119 Exec Code Overflow 2005-07-19 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
62 CVE-2005-2309 DoS 2005-07-19 2008-09-05
5.0
None Remote Low Not required None None Partial
Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg.
63 CVE-2005-2308 DoS Exec Code 2005-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
64 CVE-2005-2307 DoS 2005-07-19 2019-04-30
5.0
None Remote Low Not required None None Partial
netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
65 CVE-2005-2306 +Priv 2005-07-19 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
66 CVE-2005-2305 DoS Exec Code Overflow 2005-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow.
67 CVE-2005-2304 DoS 2005-07-19 2021-07-23
5.0
None Remote Low Not required None None Partial
Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.
68 CVE-2005-2302 2005-07-19 2016-10-18
2.1
None Local Low Not required None None Partial
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
69 CVE-2005-2301 DoS 2005-07-19 2016-10-18
5.0
None Remote Low Not required None None Partial
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
70 CVE-2005-2300 2005-07-19 2016-10-18
2.1
None Local Low Not required None Partial None
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
71 CVE-2005-2299 XSS 2005-07-19 2016-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) FID parameter to forum.cfm, (2) UID parameter to user.cfm, (3) TID parameter to thread.cfm, or (4) PostDate parameter to search.cfm.
72 CVE-2005-2298 Bypass 2005-07-19 2016-10-18
5.0
None Remote Low Not required None Partial None
BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards.
73 CVE-2005-2297 Exec Code Overflow 2005-07-19 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
74 CVE-2005-2296 +Info 2005-07-18 2016-10-18
5.0
None Remote Low Not required Partial None None
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.
75 CVE-2005-2295 DoS 2005-07-18 2017-07-11
5.0
None Remote Low Not required None None Partial
NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.
76 CVE-2005-2294 2005-07-18 2017-07-11
2.1
None Local Low Not required Partial None None
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
77 CVE-2005-2293 +Info 2005-07-18 2017-07-11
2.1
None Local Low Not required Partial None None
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
78 CVE-2005-2292 +Info 2005-07-18 2017-07-11
2.1
None Local Low Not required Partial None None
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
79 CVE-2005-2291 2005-07-18 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
80 CVE-2005-2290 Exec Code 2005-07-18 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
81 CVE-2005-2289 +Info 2005-07-18 2016-10-18
5.0
None Remote Low Not required Partial None None
PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message.
82 CVE-2005-2288 XSS 2005-07-18 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.
83 CVE-2005-2287 DoS Overflow 2005-07-18 2016-10-18
5.0
None Remote Low Not required None None Partial
SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow.
84 CVE-2005-2286 +Priv 2005-07-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
85 CVE-2005-2285 +Info 2005-07-18 2008-09-05
5.0
None Remote Low Not required Partial None None
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration.
86 CVE-2005-2284 Sql 2005-07-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
87 CVE-2005-2283 DoS 2005-07-18 2008-09-05
2.1
None Local Low Not required None None Partial
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
88 CVE-2005-2282 XSS 2005-07-18 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors.
89 CVE-2005-2281 2005-07-18 2008-09-05
5.0
None Remote Low Not required Partial None None
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
90 CVE-2005-2280 DoS 2005-07-18 2017-07-11
5.0
None Remote Low Not required None None Partial
Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet.
91 CVE-2005-2279 DoS 2005-07-18 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data.
92 CVE-2005-2278 Exec Code Overflow 2005-07-18 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
93 CVE-2005-2277 Exec Code 2005-07-15 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
94 CVE-2005-2276 XSS 2005-07-26 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "j&#X41vascript" in an IMG tag).
95 CVE-2005-2274 2005-07-13 2021-07-23
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
96 CVE-2005-2273 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
97 CVE-2005-2272 2005-07-13 2017-07-11
2.6
None Remote High Not required None Partial None
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
98 CVE-2005-2271 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
99 CVE-2005-2270 Exec Code 2005-07-13 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
100 CVE-2005-2269 Exec Code 2005-07-13 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
Total number of vulnerabilities: 289 (this is page 2 of 6)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.