CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2005-3649 2005-11-17 2016-10-18
2.6
None Remote High Not required None Partial None
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
252 CVE-2005-3648 Exec Code Sql 2005-11-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.
253 CVE-2005-3647 Bypass 2005-11-17 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory.
254 CVE-2005-3646 89 Exec Code Sql 2005-11-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.
255 CVE-2005-3645 200 +Info 2005-11-17 2017-07-11
5.0
None Remote Low Not required Partial None None
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
256 CVE-2005-3644 399 DoS 2005-11-17 2019-04-30
7.8
None Remote Low Not required None None Complete
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
257 CVE-2005-3643 Bypass 2005-11-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.
258 CVE-2005-3642 Bypass 2005-11-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username.
259 CVE-2005-3641 Bypass 2005-11-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
260 CVE-2005-3640 119 Exec Code Overflow 2005-11-16 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.
261 CVE-2005-3639 Dir. Trav. File Inclusion 2005-11-16 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.
262 CVE-2005-3638 XSS 2005-11-16 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
263 CVE-2005-3636 XSS 2005-11-16 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
264 CVE-2005-3635 XSS 2005-11-16 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
265 CVE-2005-3634 2005-11-16 2017-07-11
5.0
None Remote Low Not required None Partial None
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
266 CVE-2005-3633 Http R.Spl. 2005-11-16 2017-07-11
5.0
None Remote Low Not required None Partial None
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
267 CVE-2005-3632 Exec Code Overflow 2005-11-21 2018-10-03
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.
268 CVE-2005-3622 2005-11-16 2016-10-18
5.0
None Remote Low Not required Partial None None
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
269 CVE-2005-3621 Http R.Spl. 2005-11-16 2008-09-05
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
270 CVE-2005-3596 Exec Code Sql Bypass 2005-11-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp.
271 CVE-2005-3595 2005-11-16 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
272 CVE-2005-3594 2005-11-16 2016-10-18
5.0
None Remote Low Not required None Partial None
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
273 CVE-2005-3592 2005-11-16 2016-10-18
5.0
None Remote Low Not required Partial None None
index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter.
274 CVE-2005-3591 20 DoS Exec Code 2005-11-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.
275 CVE-2005-3589 DoS Overflow 2005-11-16 2018-10-19
7.8
None Remote Low Not required None None Complete
Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.
276 CVE-2005-3588 Exec Code +Priv Sql 2005-11-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field.
277 CVE-2005-3587 2005-11-16 2010-04-02
10.0
None Remote Low Not required Complete Complete Complete
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.
278 CVE-2005-3586 2005-11-16 2016-10-18
5.0
None Remote Low Not required Partial None None
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
279 CVE-2005-3585 Exec Code Sql 2005-11-16 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter.
280 CVE-2005-3584 XSS 2005-11-16 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
281 CVE-2005-3583 DoS 2005-11-16 2016-10-18
7.8
None Remote Low Not required None None Complete
(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.
282 CVE-2005-3582 2005-11-16 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
283 CVE-2005-3581 2005-11-16 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
284 CVE-2005-3580 2005-11-16 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
285 CVE-2005-3579 2005-11-16 2018-10-19
5.0
None Remote Low Not required Partial None None
ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring.
286 CVE-2005-3578 Sql 2005-11-16 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter.
287 CVE-2005-3577 XSS 2005-11-16 2018-10-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter.
288 CVE-2005-3576 2005-11-16 2018-10-19
5.0
None Remote Low Not required Partial None None
ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter.
289 CVE-2005-3575 Exec Code Sql 2005-11-16 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
290 CVE-2005-3574 File Inclusion 2005-11-16 2011-03-08
5.0
None Remote Low Not required Partial None None
PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter.
291 CVE-2005-3573 DoS 2005-11-16 2017-10-11
5.0
None Remote Low Not required None None Partial
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
292 CVE-2005-3572 Exec Code Sql 2005-11-16 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter.
293 CVE-2005-3571 94 File Inclusion 2005-11-16 2016-10-18
5.0
None Remote Low Not required Partial None None
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected.
294 CVE-2005-3570 79 XSS 2005-11-16 2011-05-19
4.3
None Remote Medium Not required None Partial None
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
295 CVE-2005-3569 DoS 2005-11-16 2017-07-11
5.0
None Remote Low Not required None None Partial
INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files.
296 CVE-2005-3568 DoS 2005-11-16 2017-07-11
2.1
None Local Low Not required None None Partial
db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
297 CVE-2005-3567 264 Bypass 2005-11-16 2017-07-11
5.8
None Local Network Low Not required Partial Partial Partial
slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors.
298 CVE-2005-3566 Exec Code Overflow 2005-11-16 2017-07-11
4.3
None Local Low ??? Partial Partial Partial
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.
299 CVE-2005-3565 2005-11-16 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
300 CVE-2005-3564 2005-11-16 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
Total number of vulnerabilities : 504   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.