LiveActive security incident?Get immediate response
CVE archive

May 2005

Browse CVE records published in May 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 428 matching CVEs · Page 1 of 9.

Unknown · CVSS Not scored

CVE-2005-1440: Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers t...

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.

Published May 3, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-1657: Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform...

Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.

Published May 18, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-1673: Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL...

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.

Published May 19, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-1676: Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office bef...

Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.

Published May 25, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-1586: Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored...

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.

Published May 14, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-3782: Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Rest...

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.

Published May 19, 2006 · Updated Sep 16, 2024