LiveActive security incident?Get immediate response
CVE archive

November 2005

Browse CVE records published in November 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 514 matching CVEs · Page 3 of 11.

Unknown · CVSS Not scored

CVE-2005-3845: SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitr...

SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue."

Published Nov 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3807: Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users...

Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function.

Published Nov 25, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3817: Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote at...

Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.

Published Nov 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3820: Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attack...

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

Published Nov 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3772: Multiple SQL injection vulnerabilities in Joomla!

Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.

Published Nov 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3831: Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products inclu...

Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

Published Nov 26, 2005 · Updated Aug 7, 2024