Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4840 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Outlook Express Book Control The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. | 4.3 |
| 2005-12-31 | CVE-2005-4839 | Remote Security vulnerability in PureTLS PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates. | 5.0 |
| 2005-12-31 | CVE-2005-4837 | Numeric Errors vulnerability in multiple products snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | 10.0 |
| 2005-12-31 | CVE-2005-4835 | Denial-Of-Service vulnerability in MADWifi The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. network madwifi | 7.1 |
| 2005-12-31 | CVE-2005-4834 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | 5.0 |
| 2005-12-31 | CVE-2005-4833 | Unspecified vulnerability in IBM Websphere Application Server 6.0 IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format. network ibm | 4.3 |
| 2005-12-31 | CVE-2005-4832 | Remote SQL Injection vulnerability in Oracle 10g Database SUBSCRIPTION_NAME SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197. | 7.5 |
| 2005-12-31 | CVE-2005-4831 | Cross-Site Scripting vulnerability in Viewcvs 0.9.2 viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. network viewcvs | 4.3 |
| 2005-12-31 | CVE-2005-4830 | Unspecified vulnerability in Viewcvs 0.9.2 CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter. | 7.6 |
| 2005-12-31 | CVE-2005-4828 | Remote Security vulnerability in Kolab Groupware Server 2.0.0/2.0.1 Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. | 6.4 |