CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2005-0508 Bypass 2005-03-14 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."
102 CVE-2005-0507 Dir. Trav. 2005-03-14 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request.
103 CVE-2005-0506 2005-03-14 2016-10-18
5.0
None Remote Low Not required Partial None None
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
104 CVE-2005-0505 2005-03-14 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins.
105 CVE-2005-0504 119 Exec Code Overflow 2005-03-14 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
106 CVE-2005-0487 XSS 2005-03-30 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter.
107 CVE-2005-0486 2005-03-30 2017-07-11
5.0
None Remote Low Not required Partial None None
Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.
108 CVE-2005-0485 79 XSS 2005-03-30 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.
109 CVE-2005-0484 Exec Code 2005-03-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
110 CVE-2005-0483 Dir. Trav. 2005-03-30 2017-07-11
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command.
111 CVE-2005-0482 DoS 2005-03-30 2017-07-11
5.0
None Remote Low Not required None None Partial
TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data.
112 CVE-2005-0481 2005-03-30 2017-07-11
5.0
None Remote Low Not required Partial None None
TrackerCam 5.12 and earlier allows remote attackers to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script.
113 CVE-2005-0480 XSS 2005-03-30 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file.
114 CVE-2005-0479 Dir. Trav. 2005-03-30 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter.
115 CVE-2005-0478 DoS Exec Code Overflow 2005-03-30 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script.
116 CVE-2005-0477 79 XSS 2005-03-30 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.
117 CVE-2005-0476 XSS 2005-03-30 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message.
118 CVE-2005-0475 Exec Code Sql 2005-03-30 2017-07-11
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
119 CVE-2005-0474 Exec Code Sql 2005-03-30 2017-07-11
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
120 CVE-2005-0473 DoS 2005-03-14 2018-10-19
5.0
None Remote Low Not required None None Partial
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
121 CVE-2005-0472 DoS 2005-03-14 2018-10-19
5.0
None Remote Low Not required None None Partial
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
122 CVE-2005-0471 2005-03-14 2017-07-11
5.0
None Remote Low Not required None Partial None
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
123 CVE-2005-0470 DoS Overflow 2005-03-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
124 CVE-2005-0398 DoS 2005-03-14 2017-10-11
5.0
None Remote Low Not required None None Partial
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
125 CVE-2005-0384 DoS 2005-03-15 2018-10-03
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
126 CVE-2005-0352 +Priv 2005-03-16 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges.
127 CVE-2005-0259 2005-03-14 2008-09-10
6.4
None Remote Low Not required Partial Partial None
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
128 CVE-2005-0258 Dir. Trav. 2005-03-14 2008-09-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
129 CVE-2005-0180 Bypass 2005-03-07 2017-10-11
3.6
None Local Low Not required Partial Partial None
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
130 CVE-2005-0179 DoS Bypass 2005-03-07 2017-10-11
2.1
None Local Low Not required None None Partial
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.
131 CVE-2005-0178 DoS 2005-03-07 2017-10-11
6.2
None Local High Not required Complete Complete Complete
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
132 CVE-2005-0177 119 DoS Overflow 2005-03-07 2017-10-11
7.8
None Remote Low Not required None None Complete
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
133 CVE-2005-0143 2005-03-23 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
134 CVE-2005-0109 +Info 2005-03-05 2018-10-16
4.7
None Local Medium Not required Complete None None
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
135 CVE-2005-0099 2005-03-08 2008-09-05
2.1
None Local Low Not required None Partial None
The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.
136 CVE-2005-0098 Exec Code Overflow 2005-03-08 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line.
137 CVE-2004-1055 XSS 2005-03-01 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
138 CVE-2004-1053 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.
139 CVE-2004-1052 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
140 CVE-2004-1051 Exec Code 2005-03-01 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
141 CVE-2004-1038 Bypass 2005-03-01 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.
142 CVE-2004-1037 Exec Code 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
143 CVE-2004-1036 Exec Code XSS 2005-03-01 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
144 CVE-2004-1035 DoS +Info 2005-03-01 2017-07-11
6.4
None Remote Low Not required Partial None Partial
Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain literal values that are not properly handled when using the IMAP_Line_Read function.
145 CVE-2004-1034 DoS Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
146 CVE-2004-1033 Bypass 2005-03-01 2017-07-11
2.1
None Local Low Not required Partial None None
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
147 CVE-2004-1032 2005-03-01 2017-07-11
2.1
None Local Low Not required None Partial None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
148 CVE-2004-1031 Bypass 2005-03-01 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
149 CVE-2004-1030 2005-03-01 2017-07-11
2.1
None Local Low Not required Partial None None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
150 CVE-2004-1029 264 Exec Code 2005-03-01 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Total number of vulnerabilities : 164   Page : 1 2 3 (This Page)4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.