LiveActive security incident?Get immediate response
CVE archive

2005 CVE Archive

Browse CVE records published in 2005 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 4627 matching CVEs · Page 1 of 93.

Medium · CVSS 5.9

CVE-2005-4900: SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing...

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.

Published Oct 14, 2016 · Updated May 22, 2026

High · CVSS 8.7

CVE-2005-10004: Cacti graph_view.php RCE via graph_start Parameter Injection

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.

Published Aug 30, 2025 · Updated May 15, 2026

Medium · CVSS 5.4

CVE-2005-10001: Netegrity SiteMinder Login smpwservicescgi.exe redirect

A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Apr 15, 2025

Low · CVSS 3.7

CVE-2005-4780: Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers...

Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED

Published Apr 14, 2006 · Updated Jan 16, 2025

Medium · CVSS 5.3

CVE-2005-4650: Joomla!

Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.

Published Jan 14, 2006 · Updated Jan 16, 2025

Medium · CVSS 6.3

CVE-2005-4349: SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users...

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450

Published Dec 19, 2005 · Updated Jan 16, 2025

Medium · CVSS 6.1

CVE-2005-4206: Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions b...

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.

Published Dec 13, 2005 · Updated Jan 16, 2025

High · CVSS 8.4

CVE-2005-1831: Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileg...

Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.

Published Jun 2, 2005 · Updated Jan 16, 2025

Medium · CVSS 6.3

CVE-2005-10003: mikexstudios Xcomic os command injection

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da98bf. It is recommended to upgrade the affected component.

Published Oct 17, 2024 · Updated Oct 17, 2024

Unknown · CVSS Not scored

CVE-2005-3274: Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on S...

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.

Published Oct 20, 2005 · Updated Oct 15, 2024

Unknown · CVSS Not scored

CVE-2005-2692: Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrar...

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.

Published Aug 24, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-2742: SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button...

SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.

Published Oct 25, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-3277: The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code vi...

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.

Published Oct 21, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-1932: Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certa...

Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php.

Published Jun 30, 2005 · Updated Sep 17, 2024