Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-22 | CVE-2005-4468 | Remote Script Code Execution vulnerability in PHPGedView PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter. | 7.5 |
2005-12-22 | CVE-2005-4467 | Remote Script Code Execution vulnerability in PHPGedView Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. | 5.0 |
2005-12-22 | CVE-2005-4466 | Remote Heap Corruption Denial Of Service vulnerability in Interactive Intelligence Interaction SIP Proxy 3.0.010 Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters. | 7.5 |
2005-12-22 | CVE-2005-4465 | Denial Of Service vulnerability in NEC UNIVERGE IX1000/IX2000/IX3000 IKE Exchange The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.5 |
2005-12-22 | CVE-2005-4464 | Remote Kernel Deadlock Denial Of Service vulnerability in Ingate Firewall and SIParator Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of service (kernel deadlock) by sending a SYN packet for a TCP stream, which requires an RST packet in response. | 7.8 |
2005-12-21 | CVE-2005-4463 | Information Disclosure vulnerability in WordPress WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. | 5.0 |
2005-12-21 | CVE-2005-4462 | Remote File Include vulnerability in Tolva 0.1.0 PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter. | 7.5 |
2005-12-21 | CVE-2005-4461 | SQL Injection vulnerability in Beehive Forum SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter. | 7.5 |
2005-12-21 | CVE-2005-4460 | HTML Injection vulnerability in Beehive Forum Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php. | 5.1 |
2005-12-21 | CVE-2005-4459 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands. | 10.0 |