Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-02 | CVE-2005-2773 | Unspecified vulnerability in HP Openview Network Node Manager HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | 9.8 |
| 2005-08-16 | CVE-2005-2103 | Incorrect Calculation of Buffer Size vulnerability in Gaim Project Gaim 0.75 Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n. | 9.8 |
| 2005-08-04 | CVE-2005-2456 | Improper Locking vulnerability in multiple products Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. | 5.5 |
| 2005-07-26 | CVE-2005-1920 | Improper Preservation of Permissions vulnerability in multiple products The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | 7.5 |
| 2005-07-18 | CVE-2005-2293 | Incomplete Cleanup vulnerability in Oracle Forms Builder 9.0.4 Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information. | 5.5 |
| 2005-07-18 | CVE-2005-2281 | Inadequate Encryption Strength vulnerability in Juvare Webeoc WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | 7.5 |
| 2005-07-18 | CVE-2005-1689 | Double Free vulnerability in multiple products Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | 9.8 |
| 2005-07-11 | CVE-2005-2209 | Cleartext Storage of Sensitive Information vulnerability in Capturix Scanshare 1.06 Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | 5.5 |
| 2005-07-11 | CVE-2005-2182 | Improper Verification of Cryptographic Signature vulnerability in Grandstream Bt-100 Firmware Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
| 2005-07-11 | CVE-2005-2181 | Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |