CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2005

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2005-3827 Exec Code Sql 2005-11-26 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
102 CVE-2005-3826 Exec Code Sql 2005-11-26 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter.
103 CVE-2005-3825 Exec Code Sql 2005-11-26 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
104 CVE-2005-3824 2005-11-26 2018-10-19
5.0
None Remote Low Not required None Partial None
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.
105 CVE-2005-3823 Exec Code 2005-11-26 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
106 CVE-2005-3822 Exec Code Sql 2005-11-26 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
107 CVE-2005-3821 XSS 2005-11-26 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.
108 CVE-2005-3820 Exec Code Dir. Trav. 2005-11-26 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.
109 CVE-2005-3819 Sql Bypass 2005-11-26 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.
110 CVE-2005-3818 XSS 2005-11-26 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
111 CVE-2005-3817 89 Exec Code Sql 2005-11-26 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
112 CVE-2005-3816 Exec Code Sql 2005-11-26 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.
113 CVE-2005-3815 Exec Code Sql 2005-11-26 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
114 CVE-2005-3814 XSS 2005-11-26 2011-03-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php.
115 CVE-2005-3813 DoS 2005-11-26 2018-10-19
4.0
None Remote Low ??? None None Partial
IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690.
116 CVE-2005-3812 DoS 2005-11-26 2018-10-19
6.8
None Remote Low ??? None None Complete
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
117 CVE-2005-3811 Dir. Trav. 2005-11-25 2017-07-11
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.
118 CVE-2005-3810 DoS 2005-11-25 2016-10-18
7.8
None Remote Low Not required None None Complete
ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference.
119 CVE-2005-3809 DoS 2005-11-25 2016-10-18
7.8
None Remote Low Not required None None Complete
The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference.
120 CVE-2005-3808 DoS Overflow 2005-11-25 2018-10-03
4.9
None Local Low Not required None None Complete
Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system.
121 CVE-2005-3807 DoS 2005-11-25 2018-10-19
4.9
None Local Low Not required None None Complete
Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function.
122 CVE-2005-3806 399 DoS 2005-11-25 2018-10-19
6.6
None Local Low Not required None Complete Complete
The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.
123 CVE-2005-3805 DoS 2005-11-25 2018-10-19
4.9
None Local Low Not required None None Complete
A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers.
124 CVE-2005-3804 DoS +Info 2005-11-24 2017-07-11
6.4
None Remote Low Not required Partial None Partial
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
125 CVE-2005-3803 +Info 2005-11-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.
126 CVE-2005-3802 2005-11-24 2017-07-12
5.1
None Remote High Not required Partial Partial Partial
Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication.
127 CVE-2005-3801 2005-11-24 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF), which reduces the search time in brute force attacks.
128 CVE-2005-3800 +Info 2005-11-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information.
129 CVE-2005-3799 +Info 2005-11-24 2016-10-18
5.0
None Remote Low Not required Partial None None
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
130 CVE-2005-3798 Exec Code Sql 2005-11-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.
131 CVE-2005-3797 Exec Code File Inclusion 2005-11-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.
132 CVE-2005-3796 Exec Code 2005-11-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.
133 CVE-2005-3795 XSS 2005-11-24 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php.
134 CVE-2005-3794 +Info 2005-11-24 2017-07-11
5.0
None Remote Low Not required Partial None None
AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.
135 CVE-2005-3793 Exec Code Sql Bypass 2005-11-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.
136 CVE-2005-3792 Exec Code Sql 2005-11-24 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allow remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
137 CVE-2005-3791 Http R.Spl. 2005-11-24 2016-10-18
5.0
None Remote Low Not required None Partial None
HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors.
138 CVE-2005-3790 XSS 2005-11-24 2016-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
139 CVE-2005-3789 Dir. Trav. 2005-11-24 2016-10-18
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
140 CVE-2005-3788 DoS 2005-11-24 2018-10-30
5.4
None Remote High Not required None None Complete
Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service."
141 CVE-2005-3787 XSS 2005-11-24 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
142 CVE-2005-3786 Bypass 2005-11-23 2011-03-08
4.6
None Local Low Not required Partial Partial Partial
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.
143 CVE-2005-3785 2005-11-23 2011-03-08
5.0
None Remote Low Not required None Partial None
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.
144 CVE-2005-3784 399 DoS +Priv 2005-11-23 2018-10-19
4.9
None Local Low Not required None None Complete
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges.
145 CVE-2005-3783 DoS 2005-11-23 2018-10-19
4.9
None Local Low Not required None None Complete
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash).
146 CVE-2005-3781 DoS 2005-11-23 2018-10-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."
147 CVE-2005-3780 Exec Code Overflow 2005-11-23 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records.
148 CVE-2005-3779 +Priv 2005-11-23 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
149 CVE-2005-3778 DoS 2005-11-23 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors.
150 CVE-2005-3777 2005-11-23 2016-10-18
5.0
None Remote Low Not required None Partial None
MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.
Total number of vulnerabilities: 504 (page 3 of 11)