LiveActive security incident?Get immediate response
CVE archive

July 2005

Browse CVE records published in July 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 286 matching CVEs · Page 3 of 6.

Unknown · CVSS Not scored

CVE-2005-2371: Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwri...

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

Published Jul 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2377: nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other oper...

nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.

Published Jul 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2372: Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Or...

Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.

Published Jul 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2381: PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) quest...

PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message.

Published Jul 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2254: Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbi...

Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.

Published Jul 13, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2335: Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial...

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.

Published Jul 27, 2005 · Updated Aug 7, 2024