LiveActive security incident?Get immediate response
CVE archive

March 2005

Browse CVE records published in March 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 392 matching CVEs · Page 1 of 8.

Medium · CVSS 5.4

CVE-2005-10001: Netegrity SiteMinder Login smpwservicescgi.exe redirect

A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Apr 15, 2025

Unknown · CVSS Not scored

CVE-2005-0737: Buffer overflow in Yahoo!

Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode.

Published Mar 13, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-4831: viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the...

viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.

Published Mar 3, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-4835: The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows rem...

The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.

Published Mar 30, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-4879: Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allo...

Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.

Published Mar 31, 2009 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-4748: PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote...

PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem.

Published Mar 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-4744: Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other ve...

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Published Mar 28, 2006 · Updated Aug 7, 2024