| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2005-3649 |
|
|
|
2005-11-17 |
2016-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. |
|
252 |
CVE-2005-3648 |
|
|
Exec Code Sql |
2005-11-17 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. |
|
253 |
CVE-2005-3647 |
|
|
Bypass |
2005-11-17 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory. |
|
254 |
CVE-2005-3646 |
89 |
|
Exec Code Sql |
2005-11-17 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. |
|
255 |
CVE-2005-3645 |
200 |
|
+Info |
2005-11-17 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php. |
|
256 |
CVE-2005-3644 |
399 |
|
DoS |
2005-11-17 |
2019-04-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120. |
|
257 |
CVE-2005-3643 |
|
|
Bypass |
2005-11-16 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. |
|
258 |
CVE-2005-3642 |
|
|
Bypass |
2005-11-16 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. |
|
259 |
CVE-2005-3641 |
|
|
Bypass |
2005-11-16 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. |
|
260 |
CVE-2005-3640 |
119 |
|
Exec Code Overflow |
2005-11-16 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command. |
|
261 |
CVE-2005-3639 |
|
|
Dir. Trav. File Inclusion |
2005-11-16 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability. |
|
262 |
CVE-2005-3638 |
|
|
XSS |
2005-11-16 |
2011-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts. |
|
263 |
CVE-2005-3636 |
|
|
XSS |
2005-11-16 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. |
|
264 |
CVE-2005-3635 |
|
|
XSS |
2005-11-16 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. |
|
265 |
CVE-2005-3634 |
|
|
|
2005-11-16 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. |
|
266 |
CVE-2005-3633 |
|
|
Http R.Spl. |
2005-11-16 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. |
|
267 |
CVE-2005-3632 |
|
|
Exec Code Overflow |
2005-11-21 |
2018-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. |
|
268 |
CVE-2005-3622 |
|
|
|
2005-11-16 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. |
|
269 |
CVE-2005-3621 |
|
|
Http R.Spl. |
2005-11-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. |
|
270 |
CVE-2005-3596 |
|
|
Exec Code Sql Bypass |
2005-11-16 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp. |
|
271 |
CVE-2005-3595 |
|
|
|
2005-11-16 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. |
|
272 |
CVE-2005-3594 |
|
|
|
2005-11-16 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. |
|
273 |
CVE-2005-3592 |
|
|
|
2005-11-16 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter. |
|
274 |
CVE-2005-3591 |
20 |
|
DoS Exec Code |
2005-11-16 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. |
|
275 |
CVE-2005-3589 |
|
|
DoS Overflow |
2005-11-16 |
2018-10-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command. |
|
276 |
CVE-2005-3588 |
|
|
Exec Code +Priv Sql |
2005-11-16 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. |
|
277 |
CVE-2005-3587 |
|
|
|
2005-11-16 |
2010-04-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. |
|
278 |
CVE-2005-3586 |
|
|
|
2005-11-16 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. |
|
279 |
CVE-2005-3585 |
|
|
Exec Code Sql |
2005-11-16 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
|
280 |
CVE-2005-3584 |
|
|
XSS |
2005-11-16 |
2016-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. |
|
281 |
CVE-2005-3583 |
|
|
DoS |
2005-11-16 |
2016-10-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. |
|
282 |
CVE-2005-3582 |
|
|
|
2005-11-16 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. |
|
283 |
CVE-2005-3581 |
|
|
|
2005-11-16 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. |
|
284 |
CVE-2005-3580 |
|
|
|
2005-11-16 |
2011-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. |
|
285 |
CVE-2005-3579 |
|
|
|
2005-11-16 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. |
|
286 |
CVE-2005-3578 |
|
|
Sql |
2005-11-16 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter. |
|
287 |
CVE-2005-3577 |
|
|
XSS |
2005-11-16 |
2018-10-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter. |
|
288 |
CVE-2005-3576 |
|
|
|
2005-11-16 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter. |
|
289 |
CVE-2005-3575 |
|
|
Exec Code Sql |
2005-11-16 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
290 |
CVE-2005-3574 |
|
|
File Inclusion |
2005-11-16 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. |
|
291 |
CVE-2005-3573 |
|
|
DoS |
2005-11-16 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). |
|
292 |
CVE-2005-3572 |
|
|
Exec Code Sql |
2005-11-16 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. |
|
293 |
CVE-2005-3571 |
94 |
|
File Inclusion |
2005-11-16 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected. |
|
294 |
CVE-2005-3570 |
79 |
|
XSS |
2005-11-16 |
2011-05-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". |
|
295 |
CVE-2005-3569 |
|
|
DoS |
2005-11-16 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. |
|
296 |
CVE-2005-3568 |
|
|
DoS |
2005-11-16 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING." |
|
297 |
CVE-2005-3567 |
264 |
|
Bypass |
2005-11-16 |
2017-07-11 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors. |
|
298 |
CVE-2005-3566 |
|
|
Exec Code Overflow |
2005-11-16 |
2017-07-11 |
4.3 |
None |
Local |
Low |
??? |
Partial |
Partial |
Partial |
|
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. |
|
299 |
CVE-2005-3565 |
|
|
|
2005-11-16 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors. |
|
300 |
CVE-2005-3564 |
|
|
|
2005-11-16 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors. |
