LiveActive security incident?Get immediate response
CVE archive

November 2005

Browse CVE records published in November 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 514 matching CVEs · Page 2 of 11.

Unknown · CVSS Not scored

CVE-2005-3893: Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2...

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.

Published Nov 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3732: The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0...

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Published Nov 21, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3895: Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType...

Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.

Published Nov 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3871: Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote atta...

Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.

Published Nov 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3840: SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute a...

SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the correct identifier is CVE-2005-3240.

Published Nov 26, 2005 · Updated Aug 7, 2024