LiveActive security incident?Get immediate response
CVE archive

March 2005

Browse CVE records published in March 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 392 matching CVEs · Page 3 of 8.

Unknown · CVSS Not scored

CVE-2005-0807: Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (a...

Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.

Published Mar 20, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0868: AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) P...

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

Published Mar 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0848: Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunt...

Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl.

Published Mar 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0853: betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain...

betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.

Published Mar 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0862: Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers...

Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php.

Published Mar 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0805: SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remo...

SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.

Published Mar 20, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0869: phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.Op...

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.

Published Mar 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0828: highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products...

highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.

Published Mar 22, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0870: Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, al...

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

Published Mar 26, 2005 · Updated Aug 7, 2024