LiveActive security incident?Get immediate response
CVE archive

August 2005

Browse CVE records published in August 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 333 matching CVEs · Page 2 of 7.

Unknown · CVSS Not scored

CVE-2005-2720: Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus prod...

Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.

Published Aug 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2696: IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which...

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.

Published Aug 25, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2670: Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Serve...

Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.

Published Aug 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2695: Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Cent...

Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).

Published Aug 25, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2675: Note: the vendor has disputed this issue.

Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

Published Aug 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2674: Note: the vendor has disputed this issue.

Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

Published Aug 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2666: SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresse...

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Published Aug 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2640: Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when u...

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Published Aug 20, 2005 · Updated Aug 7, 2024