LiveActive security incident?Get immediate response
CVE archive

August 2005

Browse CVE records published in August 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 333 matching CVEs · Page 1 of 7.

High · CVSS 8.7

CVE-2005-10004: Cacti graph_view.php RCE via graph_start Parameter Injection

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.

Published Aug 30, 2025 · Updated May 15, 2026

Unknown · CVSS Not scored

CVE-2005-2692: Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrar...

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.

Published Aug 24, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-2685: SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMy...

SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability stems from PhpMyExplorer, which is a separate package.

Published Aug 24, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-2688: Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject a...

Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.

Published Aug 24, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4876: Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (fo...

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.

Published Aug 14, 2008 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-2699: Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated admin...

Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.

Published Aug 25, 2005 · Updated Aug 7, 2024