Max CVSS 7.8 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2005-3388 4.3
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
23-06-2020 - 03:15 01-11-2005 - 12:47
CVE-2005-3389 5.0
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting,
30-10-2018 - 16:25 01-11-2005 - 12:47
CVE-2005-3390 7.5
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST reque
30-10-2018 - 16:25 01-11-2005 - 12:47
CVE-2005-3350 7.5
libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.
19-10-2018 - 15:35 04-11-2005 - 00:02
CVE-2005-2974 2.6
libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.
19-10-2018 - 15:34 04-11-2005 - 00:02
CVE-2005-2006 5.0
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents o
19-10-2018 - 15:32 17-06-2005 - 04:00
CVE-2005-2958 7.5
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
03-10-2018 - 21:31 25-10-2005 - 16:02
CVE-2005-2629 5.1
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, whic
03-05-2018 - 01:29 18-11-2005 - 23:03
CVE-2005-3300 5.0
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct request
11-07-2017 - 01:33 23-10-2005 - 21:02
CVE-2005-3501 4.3
The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero le
14-07-2011 - 04:00 05-11-2005 - 11:02
CVE-2005-3500 5.0
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the sa
08-03-2011 - 02:26 05-11-2005 - 11:02
CVE-2005-3303 7.5
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
08-03-2011 - 02:26 05-11-2005 - 11:02
CVE-2005-3252 7.5
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
08-03-2011 - 02:26 18-10-2005 - 21:02
CVE-2005-3301 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
08-03-2011 - 02:26 24-10-2005 - 10:02
CVE-2005-3123 5.0
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
08-03-2011 - 02:25 30-10-2005 - 20:02
CVE-2005-3239 7.8
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree f
02-04-2010 - 05:50 14-10-2005 - 19:02
CVE-2005-3122 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3424, CVE-2005-3425. Reason: this candidate was intended for one issue, but two different authoritative sources used it for two distinct issues. Notes: All CVE users should consul
10-09-2008 - 19:45 30-10-2005 - 20:02
CVE-2005-2869 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
05-09-2008 - 20:52 08-09-2005 - 23:03
Back to Top Mark selected
Back to Top