CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2005-3776 XSS 2005-11-23 2016-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.
152 CVE-2005-3775 94 File Inclusion 2005-11-23 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter.
153 CVE-2005-3774 DoS 2005-11-23 2018-10-19
5.0
None Remote Low Not required None None Partial
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
154 CVE-2005-3773 2005-11-23 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."
155 CVE-2005-3772 Exec Code Sql 2005-11-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
156 CVE-2005-3771 XSS 2005-11-23 2011-03-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
157 CVE-2005-3770 79 XSS 2005-11-23 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php.
158 CVE-2005-3769 Exec Code Sql 2005-11-23 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
159 CVE-2005-3768 DoS Exec Code Overflow 2005-11-23 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
160 CVE-2005-3767 2005-11-22 2017-07-11
5.0
None Remote Low Not required None Partial None
Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files.
161 CVE-2005-3766 2005-11-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.
162 CVE-2005-3765 Exec Code 2005-11-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code.
163 CVE-2005-3764 2005-11-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML.
164 CVE-2005-3763 +Info 2005-11-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
165 CVE-2005-3762 Exec Code Sql 2005-11-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter.
166 CVE-2005-3761 XSS 2005-11-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer.
167 CVE-2005-3760 119 DoS Overflow 2005-11-22 2011-03-08
7.8
None Remote Low Not required None None Complete
Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND).
168 CVE-2005-3759 79 XSS 2005-11-22 2018-10-19
5.8
None Remote Medium Not required Partial Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
169 CVE-2005-3758 XSS 2005-11-22 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
170 CVE-2005-3757 Exec Code +Info 2005-11-22 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
171 CVE-2005-3756 2005-11-22 2018-10-19
5.0
None Remote Low Not required Partial None None
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
172 CVE-2005-3755 Dir. Trav. 2005-11-22 2018-10-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
173 CVE-2005-3754 XSS 2005-11-22 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.
174 CVE-2005-3753 DoS 2005-11-22 2008-09-05
7.8
None Remote Low Not required None None Complete
Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker.
175 CVE-2005-3752 2005-11-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction".
176 CVE-2005-3751 XSS Bypass 2005-11-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
177 CVE-2005-3750 74 Exec Code 2005-11-22 2022-02-28
7.5
None Remote Low Not required Partial Partial Partial
Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.
178 CVE-2005-3749 2005-11-22 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.
179 CVE-2005-3748 89 Exec Code Sql 2005-11-22 2011-08-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter.
180 CVE-2005-3747 200 +Info 2005-11-22 2018-10-19
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.
181 CVE-2005-3746 Exec Code Sql 2005-11-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter.
182 CVE-2005-3745 XSS 2005-11-22 2020-12-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
183 CVE-2005-3744 89 Exec Code Sql 2005-11-22 2011-08-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.
184 CVE-2005-3743 Exec Code Sql 2005-11-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
185 CVE-2005-3742 XSS 2005-11-22 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.
186 CVE-2005-3741 Bypass 2005-11-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions.
187 CVE-2005-3740 Exec Code Sql 2005-11-22 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.
188 CVE-2005-3739 2005-11-22 2011-03-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors.
189 CVE-2005-3738 File Inclusion 2005-11-22 2018-10-19
2.6
None Remote High Not required None Partial None
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
190 CVE-2005-3737 Exec Code Overflow 2005-11-22 2011-03-08
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
191 CVE-2005-3736 XSS 2005-11-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp.
192 CVE-2005-3735 Exec Code Sql 2005-11-22 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp.
193 CVE-2005-3734 XSS 2005-11-22 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
194 CVE-2005-3733 DoS Exec Code 2005-11-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
195 CVE-2005-3732 399 DoS 2005-11-21 2018-10-19
7.8
None Remote Low Not required None None Complete
The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
196 CVE-2005-3731 2005-11-21 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."
197 CVE-2005-3730 XSS 2005-11-21 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp.
198 CVE-2005-3729 +Info 2005-11-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html.
199 CVE-2005-3728 +Info 2005-11-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information.
200 CVE-2005-3727 Exec Code Sql 2005-11-21 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter.
Total number of vulnerabilities : 504   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.