Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-21 CVE-2005-4440 Security Bypass vulnerability in Vlan Protocol Vlan Protocol 802.1Q
The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack."
network
low complexity
vlan-protocol
5.0
2005-12-21 CVE-2005-4439 Remote Buffer Overflow vulnerability in Elog Elogd 2.6.0Beta4
Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter.
network
low complexity
elog
7.8
2005-12-21 CVE-2005-4438 Heap Overflow vulnerability in Dec2Rar.Dll 3.2.14.3
Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.
network
low complexity
dec2rar-dll
7.5
2005-12-21 CVE-2005-4437 Unspecified vulnerability in Extended Interior Gateway Routing Protocol Extended Interior Gateway Routing Protocol 1.2
MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
7.5
2005-12-21 CVE-2005-4436 Remote Denial Of Service vulnerability in Cisco EIGRP Protocol Unauthenticated Goodbye Packet
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).
7.8
2005-12-21 CVE-2005-4435 Cross-Site Scripting vulnerability in Abledesign D-Man 3.0
Cross-site scripting (XSS) vulnerability in index.php in AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter.
network
abledesign
4.3
2005-12-21 CVE-2005-4434 Cross-Site Scripting vulnerability in Abledesign 2.0
Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
abledesign
4.3
2005-12-21 CVE-2005-4433 Cross-Site Scripting vulnerability in Esselbach Internet Solutions Esselbach Storyteller CMS 1.8
Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field.
4.3
2005-12-21 CVE-2005-4432 Cross-Site Scripting vulnerability in Playsms 0.8
Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter.
network
playsms
4.3
2005-12-21 CVE-2005-4431 SQL-Injection vulnerability in Wowbb 1.65
SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php.
network
low complexity
wowbb
7.5