Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-31 CVE-2005-0036 Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
network
low complexity
delegate etl
5.0
2005-12-30 CVE-2005-4590 Security Bypass vulnerability in SPB Kiosk Engine 1.0.0.1
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.
local
low complexity
spb
4.6
2005-12-30 CVE-2005-4589 Local Security vulnerability in SPB Kiosk Engine 1.0.0.1
Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which allows local users to obtain the passcode.
local
low complexity
spb
2.1
2005-12-30 CVE-2005-4588 Unspecified vulnerability in Dream4 Koobi 5.0
Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags.
network
dream4
4.3
2005-12-30 CVE-2005-4587 Remote Denial of Service vulnerability in Juniper NetScreen-Security Manager 2004
Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port).
network
low complexity
juniper
7.8
2005-12-30 CVE-2005-4586 SQL Injection vulnerability in PHPSurveyor 0.99
Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.
network
low complexity
phpsurveyor
7.5
2005-12-29 CVE-2005-4583 Cross-Site Scripting vulnerability in VMware ESX
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).
network
vmware CWE-79
4.3
2005-12-29 CVE-2005-4582 Remote Security vulnerability in Scott Draves Electric Sheep 2.6.3
Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file.
network
low complexity
scott-draves
7.5
2005-12-29 CVE-2005-4581 Local Security vulnerability in Scott Draves Electric Sheep 2.6.3
Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter.
local
low complexity
scott-draves
4.6
2005-12-29 CVE-2005-4580 Cross-Site Scripting vulnerability in DAY Communique 4
Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search.
network
day
4.3