LiveActive security incident?Get immediate response
CVE archive

March 2005

Browse CVE records published in March 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 392 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2005-2922: Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including...

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

Published Mar 23, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2711: ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent f...

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

Published Mar 24, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1730: Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attac...

Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.

Published Mar 3, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0928: Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inje...

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

Published Mar 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0907: Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute ar...

Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.

Published Mar 29, 2005 · Updated Aug 7, 2024