2005 CVEs

4770 CVEs published in 2005. 17 critical, 28 high.

Top CVEs published in 2005
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2005-4891 | Critical | 9.8 | 2020-01-15 | Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. |
| CVE-2005-2354 | Critical | 9.8 | 2019-11-05 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. |
| CVE-2005-3056 | Critical | 9.8 | 2019-11-01 | TWiki allows arbitrary shell command execution via the Include function |
| CVE-2005-3590 | Critical | 9.8 | 2019-04-10 | The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specif… |
| CVE-2005-3435 | Critical | 9.8 | 2005-11-02 | admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example throug… |
| CVE-2005-3120 | Critical | 9.8 | 2005-10-17 | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers c… |
| CVE-2005-2773 | Critical | 9.8 | 2005-09-02 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to c… |
| CVE-2005-2103 | Critical | 9.8 | 2005-08-16 | Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute ar… |
| CVE-2005-1689 | Critical | 9.8 | 2005-07-18 | Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certai… |
| CVE-2005-1744 | Critical | 9.8 | 2005-05-24 | BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to conti… |
| CVE-2005-1513 | Critical | 9.8 | 2005-05-11 | Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers t… |
| CVE-2005-0269 | Critical | 9.8 | 2005-05-02 | The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbi… |
| CVE-2005-0199 | Critical | 9.8 | 2005-05-02 | Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) a… |
| CVE-2005-1141 | Critical | 9.8 | 2005-04-15 | Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM fil… |
| CVE-2005-0496 | Critical | 9.8 | 2005-02-21 | Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system… |
| CVE-2005-0408 | Critical | 9.8 | 2005-02-14 | CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authenticat… |
| CVE-2005-0102 | Critical | 9.8 | 2005-01-24 | Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length… |
| CVE-2005-10004 | High | 8.8 | 2025-08-30 | Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell… |
| CVE-2005-0490 | High | 8.8 | 2005-05-02 | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via… |
| CVE-2005-1831 | High | 8.4 | 2005-05-31 | Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank p… |