Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-31 CVE-2005-4772 Unspecified vulnerability in Suse products
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
Risk: network, low complexity, suse, 6.4

2005-12-31 CVE-2005-4771 Authentication Bypass vulnerability in Trust Digital Trusted Mobility Suite
Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized.
Risk: local, low complexity, trust-digital, 4.6

2005-12-31 CVE-2005-4770 SQL Injection vulnerability in Accelerated E Solutions
SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to execute arbitrary SQL commands via the password parameter.
Risk: network, low complexity, accelerated-enterprise-solutions, 7.5

2005-12-31 CVE-2005-4769 SQL Injection vulnerability in Belchior Foundry vCard Pro Addrbook.PHP
SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter.
Risk: network, low complexity, belchior-foundry, 7.5

2005-12-31 CVE-2005-4768 SQL Injection vulnerability in TuxBank ManageAccount.PHP
SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php.
Risk: network, low complexity, tux-racer, 7.5

2005-12-31 CVE-2005-4767 Multiple vulnerability in BEA Weblogic Server 7.0/8.1
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
Risk: network, high complexity, bea, 5.1

2005-12-31 CVE-2005-4766 Multiple vulnerability in BEA Weblogic Server 7.0/8.1
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Risk: network, high complexity, bea, 5.4

2005-12-31 CVE-2005-4765 Multiple vulnerability in BEA Weblogic Server 7.0/8.1
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.
Risk: network, high complexity, bea, 7.6

2005-12-31 CVE-2005-4764 Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
Risk: network, low complexity, bea, 7.8

2005-12-31 CVE-2005-4763 Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
Risk: network, low complexity, bea, 7.5