CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2005-2268 2005-07-13 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
102 CVE-2005-2267 Exec Code 2005-07-13 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
103 CVE-2005-2266 2005-07-13 2017-10-11
5.0
None Remote Low Not required Partial None None
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
104 CVE-2005-2265 DoS Exec Code 2005-07-13 2017-10-11
5.0
None Remote Low Not required None None Partial
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
105 CVE-2005-2264 2005-07-13 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
106 CVE-2005-2263 2005-07-13 2017-10-11
5.0
None Remote Low Not required None Partial None
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
107 CVE-2005-2262 Exec Code 2005-07-13 2017-10-11
5.1
None Remote High Not required Partial Partial Partial
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
108 CVE-2005-2261 Bypass 2005-07-13 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
109 CVE-2005-2260 2005-07-13 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
110 CVE-2005-2259 Exec Code 2005-07-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
111 CVE-2005-2258 Exec Code File Inclusion 2005-07-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.
112 CVE-2005-2257 +Priv 2005-07-13 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
113 CVE-2005-2256 Dir. Trav. 2005-07-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
114 CVE-2005-2255 Dir. Trav. +Info 2005-07-13 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
115 CVE-2005-2254 79 XSS 2005-07-13 2010-12-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.
116 CVE-2005-2253 Sql 2005-07-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description.
117 CVE-2005-2252 +Priv Bypass 2005-07-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
118 CVE-2005-2251 Exec Code File Inclusion 2005-07-13 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.
119 CVE-2005-2250 Exec Code Overflow 2005-07-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
120 CVE-2005-2249 File Inclusion 2005-07-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
121 CVE-2005-2248 Dir. Trav. 2005-07-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder.
122 CVE-2005-2247 2005-07-12 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
123 CVE-2005-2246 Exec Code File Inclusion 2005-07-12 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.
124 CVE-2005-2245 2005-07-12 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.
125 CVE-2005-2244 Exec Code Overflow 2005-07-12 2017-07-11
5.0
None Remote Low Not required None Partial None
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.
126 CVE-2005-2243 DoS 2005-07-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.
127 CVE-2005-2242 DoS 2005-07-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe).
128 CVE-2005-2241 DoS +Info 2005-07-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe.
129 CVE-2005-2240 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.
130 CVE-2005-2239 DoS 2005-07-12 2008-09-05
5.0
None Remote Low Not required None None Partial
oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters.
131 CVE-2005-2238 DoS 2005-07-12 2008-09-05
2.1
None Local Low Not required None None Partial
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
132 CVE-2005-2237 Exec Code 2005-07-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.
133 CVE-2005-2236 Exec Code 2005-07-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.
134 CVE-2005-2235 Exec Code Overflow 2005-07-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.
135 CVE-2005-2234 Exec Code Overflow 2005-07-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.
136 CVE-2005-2233 Exec Code Overflow 2005-07-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.
137 CVE-2005-2232 Exec Code Overflow 2005-07-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.
138 CVE-2005-2231 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
139 CVE-2005-2230 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.
140 CVE-2005-2229 +Info 2005-07-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers.
141 CVE-2005-2228 2005-07-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.
142 CVE-2005-2227 +Priv 2005-07-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges.
143 CVE-2005-2226 +Info 2005-07-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
144 CVE-2005-2225 DoS 2005-07-12 2021-06-15
5.0
None Remote Low Not required None None Partial
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.
145 CVE-2005-2224 399 DoS 2005-07-12 2013-02-05
5.0
None Remote Low Not required None None Partial
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
146 CVE-2005-2223 DoS 2005-07-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
147 CVE-2005-2222 2005-07-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
148 CVE-2005-2221 Exec Code Sql 2005-07-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure."
149 CVE-2005-2220 2005-07-12 2016-10-18
5.0
None Remote Low Not required None Partial None
** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem.
150 CVE-2005-2219 2005-07-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
Total number of vulnerabilities : 289   Page : 1 2 3 (This Page)4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.