LiveActive security incident?Get immediate response
CVE archive

November 2005

Browse CVE records published in November 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 514 matching CVEs · Page 4 of 11.

Unknown · CVSS Not scored

CVE-2005-3818: Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

Published Nov 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3796: Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro...

Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.

Published Nov 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3788: Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an...

Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service."

Published Nov 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3773: Unspecified vulnerability in Joomla!

Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."

Published Nov 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3774: Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via sp...

Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.

Published Nov 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3793: Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to by...

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.

Published Nov 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3768: Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Servi...

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Published Nov 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3757: The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote...

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

Published Nov 22, 2005 · Updated Aug 7, 2024