LiveActive security incident?Get immediate response
CVE archive

April 2005

Browse CVE records published in April 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 444 matching CVEs · Page 4 of 9.

Unknown · CVSS Not scored

CVE-2005-1283: Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated...

Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.

Published Apr 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1236: Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to exe...

Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.

Published Apr 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1244: Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400...

Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable.

Published Apr 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1224: Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitra...

Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.

Published Apr 22, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1181: NOTE: this issue has been disputed by the vendor.

NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005

Published Apr 19, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1201: Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote aut...

Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.

Published Apr 21, 2005 · Updated Aug 7, 2024