CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2005-2860 XSS 2005-09-08 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
202 CVE-2005-2859 +Priv 2005-09-08 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges.
203 CVE-2005-2858 2005-09-08 2008-09-05
5.0
None Remote Low Not required Partial None None
The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7.0 allows remote attackers to read the Windows Address Book via the FullAddressBook method.
204 CVE-2005-2857 2005-09-08 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).
205 CVE-2005-2856 119 Exec Code Overflow 2005-09-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.
206 CVE-2005-2855 1 XSS 2005-09-08 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.
207 CVE-2005-2854 2005-09-08 2008-09-05
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers.
208 CVE-2005-2853 XSS 2005-09-08 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php.
209 CVE-2005-2852 DoS 2005-09-08 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
210 CVE-2005-2851 2005-09-08 2008-09-05
2.1
None Local Low Not required Partial None None
smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.
211 CVE-2005-2850 DoS Overflow 2005-09-08 2008-09-05
5.0
None Remote Low Not required None None Partial
SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error.
212 CVE-2005-2849 2005-09-08 2016-10-18
6.4
None Remote Low Not required Partial Partial None
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
213 CVE-2005-2848 Dir. Trav. 2005-09-08 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
214 CVE-2005-2847 Exec Code 2005-09-08 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
215 CVE-2005-2846 Exec Code File Inclusion 2005-09-08 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
216 CVE-2005-2845 +Info 2005-09-08 2017-07-11
5.0
None Remote Low Not required Partial None None
Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.
217 CVE-2005-2844 DoS Exec Code Overflow 2005-09-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
218 CVE-2005-2843 Bypass 2005-09-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
219 CVE-2005-2842 Exec Code Overflow 2005-09-08 2017-09-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.
220 CVE-2005-2841 DoS Exec Code Overflow 2005-09-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials.
221 CVE-2005-2840 2005-09-07 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6) News, (7) Comments, (8) Settings, (9) Stats or (10) subjects modules.
222 CVE-2005-2839 XSS 2005-09-07 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php.
223 CVE-2005-2838 Exec Code Sql 2005-09-07 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
224 CVE-2005-2837 Exec Code 2005-09-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.
225 CVE-2005-2836 XSS 2005-09-07 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php.
226 CVE-2005-2820 XSS 2005-09-07 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".
227 CVE-2005-2819 264 +Priv 2005-09-07 2011-05-19
7.5
None Remote Low Not required Partial Partial Partial
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.
228 CVE-2005-2818 79 XSS 2005-09-07 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php.
229 CVE-2005-2817 2005-09-07 2017-07-11
5.0
None Remote Low Not required Partial None None
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
230 CVE-2005-2816 XSS 2005-09-07 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file.
231 CVE-2005-2815 DoS +Info 2005-09-07 2017-07-11
6.4
None Remote Low Not required Partial None Partial
print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
232 CVE-2005-2814 XSS 2005-09-07 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.
233 CVE-2005-2813 Dir. Trav. 2005-09-07 2018-10-19
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.
234 CVE-2005-2812 Exec Code 2005-09-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
man2web allows remote attackers to execute arbitrary commands via -P arguments.
235 CVE-2005-2811 +Priv 2005-09-07 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.
236 CVE-2005-2810 Overflow +Priv 2005-09-07 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.
237 CVE-2005-2809 2005-09-07 2008-09-05
2.1
None Local Low Not required None Partial None
silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.
238 CVE-2005-2808 Bypass 2005-09-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts.
239 CVE-2005-2807 2005-09-07 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.
240 CVE-2005-2806 20 DoS 2005-09-06 2017-07-11
5.0
None Remote Low Not required None None Partial
client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field name or value.
241 CVE-2005-2805 2005-09-06 2017-07-11
5.0
None Remote Low Not required None Partial None
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
242 CVE-2005-2803 XSS 2005-09-06 2008-11-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.
243 CVE-2005-2801 2005-09-06 2018-10-19
5.0
None Remote Low Not required None Partial None
xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.
244 CVE-2005-2800 399 DoS 2005-09-06 2018-10-19
2.1
None Local Low Not required None None Partial
Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
245 CVE-2005-2799 Exec Code Overflow 2005-09-15 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
246 CVE-2005-2798 2005-09-06 2018-10-19
5.0
None Remote Low Not required Partial None None
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
247 CVE-2005-2797 2005-09-06 2016-12-08
5.0
None Remote Low Not required None Partial None
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
248 CVE-2005-2796 DoS 2005-09-07 2017-10-11
5.0
None Remote Low Not required None None Partial
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
249 CVE-2005-2794 DoS 2005-09-07 2017-10-11
5.0
None Remote Low Not required None None Partial
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
250 CVE-2005-2793 77 Exec Code File Inclusion 2005-09-02 2020-11-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
Total number of vulnerabilities : 309   Page : 1 2 3 4 5 (This Page)6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.