Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-26 | CVE-2005-1828 | Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-504T Firmware D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2005-05-24 | CVE-2005-1744 | Incomplete Cleanup vulnerability in BEA Weblogic Server BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. | 9.8 |
| 2005-05-19 | CVE-2005-1674 | Cross-Site Request Forgery (CSRF) vulnerability in Helpcenterlive Help Center Live Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. | 6.5 |
| 2005-05-11 | CVE-2005-1513 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. | 9.8 |
| 2005-05-02 | CVE-2005-1111 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | 4.7 |
| 2005-05-02 | CVE-2005-1036 | Missing Initialization of Resource vulnerability in Freebsd FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | 7.8 |
| 2005-05-02 | CVE-2005-0891 | Double Free vulnerability in Gnome GTK Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | 7.5 |
| 2005-05-02 | CVE-2005-0877 | Origin Validation Error vulnerability in Thekelleys Dnsmasq Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | 7.5 |
| 2005-05-02 | CVE-2005-0824 | Link Following vulnerability in Mathopd The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal. | 5.5 |
| 2005-05-02 | CVE-2005-0490 | Incorrect Calculation of Buffer Size vulnerability in Haxx Curl and Libcurl Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. | 8.8 |