Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4709 | The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread. | 5.0 |
2005-12-31 | CVE-2005-4708 | Local Privilege Escalation vulnerability in Macromedia eLicensing Client Activation Code: Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System. | 7.2 |
2005-12-31 | CVE-2005-4707 | Cross-Site Scripting vulnerability in PHP GEN: Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2005-12-31 | CVE-2005-4706 | Local vulnerability in SUN Solaris 10.0: Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function. | 2.1 |
2005-12-31 | CVE-2005-4705 | Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1: BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection. | 5.0 |
2005-12-31 | CVE-2005-4704 | Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges. | 5.0 |
2005-12-31 | CVE-2005-4702 | Remote SQL Injection vulnerability in Ipbproarcade 2.5.2: SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. | 6.4 |
2005-12-31 | CVE-2005-4701 | Information Disclosure vulnerability in SUN Solaris 10.0: Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx. | 2.1 |
2005-12-31 | CVE-2005-4700 | Information Disclosure vulnerability in Tellme 1.2: TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. | 5.0 |
2005-12-31 | CVE-2005-4698 | Cross-Site Scripting vulnerability in Tellme 1.2: Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) q_IP (IP) or (2) q_Host (HOST) parameters. | 4.3 |