Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-3618 | Cross-Site Request Forgery vulnerability in ESX Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. | 7.6 |
| 2005-12-31 | CVE-2005-3540 | Local Buffer Overflow vulnerability in Petris Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. | 7.5 |
| 2005-12-31 | CVE-2005-3539 | Scripts Remote Command Execution vulnerability in Hylafax Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3. | 7.5 |
| 2005-12-31 | CVE-2005-3538 | Remote PAM Authentication Bypass vulnerability in Ifax Solutions Hylafax 4.2.3 hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. | 7.5 |
| 2005-12-31 | CVE-2005-3526 | Remote Buffer Overflow vulnerability in Ipswitch IMail Server / Collaboration Suite IMAP FETCH Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. | 6.5 |
| 2005-12-31 | CVE-2005-3525 | Buffer Overflow vulnerability in Macromedia Shockwave Player ActiveX Control Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | 9.3 |
| 2005-12-31 | CVE-2005-3342 | Unspecified vulnerability in Norman Ramsey Noweb 2.10C/2.9A noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm. | 1.2 |
| 2005-12-31 | CVE-2005-3340 | Unspecified vulnerability in NEW Breed Software TUX Paint 0.9.14 The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors. | 7.2 |
| 2005-12-31 | CVE-2005-3240 | Race Condition vulnerability in Microsoft IE and Internet Explorer Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | 5.1 |
| 2005-12-31 | CVE-2005-3188 | Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.094 Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | 7.6 |