Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4868 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | 7.1 |
| 2005-12-31 | CVE-2005-4860 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Spectrumcu Cash Receipting System 6.406.08 Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password. | 7.8 |
| 2005-12-13 | CVE-2005-4206 | Open Redirect vulnerability in Blackboard Academic Suite 6.0.0.0/6.2.3.23/6.3.1.424 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | 6.1 |
| 2005-11-27 | CVE-2005-3847 | Improper Locking vulnerability in multiple products The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump. | 5.5 |
| 2005-11-24 | CVE-2005-3803 | Use of Hard-coded Credentials vulnerability in Cisco Unified Wireless IP Phone 7920 Firmware 1.0(8) Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2005-11-21 | CVE-2005-3716 | Use of Hard-coded Credentials vulnerability in Utstarcom F1000 Wi-Fi Firmware 2.0 The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | 7.5 |
| 2005-11-02 | CVE-2005-3435 | Insufficiently Protected Credentials vulnerability in Archilles Newsworld 1.3.0 admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | 9.8 |
| 2005-10-21 | CVE-2005-3274 | NULL Pointer Dereference vulnerability in multiple products Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | 4.7 |
| 2005-10-17 | CVE-2005-3120 | Incorrect Calculation of Buffer Size vulnerability in multiple products Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | 9.8 |
| 2005-10-05 | CVE-2005-3140 | Cleartext Transmission of Sensitive Information vulnerability in Procom Netforce 800 Firmware 4.02 Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | 7.5 |