Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-21 | CVE-2005-4448 | Directory Traversal vulnerability in Flatnuke 2.5.6 FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie. | 10.0 |
| 2005-12-21 | CVE-2005-4267 | Buffer Errors vulnerability in Qualcomm Worldmail 3.0 Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands. | 7.5 |
| 2005-12-21 | CVE-2005-3657 | Unspecified vulnerability in Mcafee Mcinsctl.Dll and Virusscan Security Center The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object. | 5.0 |
| 2005-12-21 | CVE-2005-4447 | SQL-Injection vulnerability in phpCOIN SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. | 7.5 |
| 2005-12-21 | CVE-2005-4446 | Cross-Site Scripting vulnerability in Aspbite 8 Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. network aspbite | 4.3 |
| 2005-12-21 | CVE-2005-4445 | Remote Code Execution vulnerability in Pegasus Mail Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | 5.1 |
| 2005-12-21 | CVE-2005-4444 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in David Harris Pegasus Mail Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply. | 5.1 |
| 2005-12-21 | CVE-2005-4443 | Packages Insecure RUNPATH vulnerability in Gentoo Linux Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | 7.2 |
| 2005-12-21 | CVE-2005-4442 | Packages Insecure RUNPATH vulnerability in Gentoo Linux Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | 7.2 |
| 2005-12-21 | CVE-2005-4441 | Security Bypass vulnerability in Pvlan Protocol The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c. | 5.0 |