Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-21 CVE-2005-4458 Privilege Escalation vulnerability in Metadot Portal Server SITE_MGR Group
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
network
low complexity
metadot
critical
9.0
2005-12-21 CVE-2005-4457 Denial-Of-Service vulnerability in MailEnable Enterprise 1.1
MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command.
network
low complexity
mailenable
7.5
2005-12-21 CVE-2005-4456 IMAP Remote Buffer Overflow vulnerability in MailEnable
Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands.
network
low complexity
mailenable
7.8
2005-12-21 CVE-2005-4455 Remote Security vulnerability in LiveJournal
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi.
network
low complexity
livejournal
5.0
2005-12-21 CVE-2005-4454 HTML Injection vulnerability in LiveJournal cleanhtml.pl
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
network
livejournal
4.3
2005-12-21 CVE-2005-4453 Privilege Escalation vulnerability in Ultraapps Issue Manager 2.1
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.
network
low complexity
ultraapps
critical
9.0
2005-12-21 CVE-2005-4452 Information Disclosure vulnerability in Information Call Center
Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
network
low complexity
information-call-center
5.0
2005-12-21 CVE-2005-4451 Remote Unauthorized Access vulnerability in HP HP-UX 11.11
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
network
low complexity
hp
7.5
2005-12-21 CVE-2005-4450 Cross-Site Request Forgery vulnerability in phpMyAdmin 2.7.0Pl1
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters.
network
low complexity
phpmyadmin
7.5
2005-12-21 CVE-2005-4449 Remote Security vulnerability in FlatNuke 2.5.6
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter.
network
low complexity
flatnuke
4.0