LiveActive security incident?Get immediate response
CVE archive

July 2005

Browse CVE records published in July 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 286 matching CVEs · Page 2 of 6.

Unknown · CVSS Not scored

CVE-2005-2325: Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct reque...

Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10) showlastforumbb2.php, or (11) showlastforumbb2block.php.

Published Jul 19, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4858: Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier a...

Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element.

Published Jul 6, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4857: eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote auth...

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".

Published Jul 6, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-3618: Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x bef...

Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.

Published Jul 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2398: Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQ...

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

Published Jul 27, 2005 · Updated Aug 7, 2024