Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-09 CVE-2005-4133 Unspecified vulnerability in Sun Solaris 10.0
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
local
low complexity
sun
2.1
2005-12-09 CVE-2005-4132 Remote Command Execution vulnerability in Contenido 4.5.2Alpha/4.5.6Beta/4.6.0
Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors.
network
low complexity
contenido
7.5
2005-12-09 CVE-2005-4130 Unspecified vulnerability in RealNetworks RealPlayer
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208.
network
low complexity
realnetworks
7.5
2005-12-09 CVE-2005-4126 Remote Code Execution vulnerability in RealNetworks RealPlayer
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208.
network
low complexity
realnetworks
7.5
2005-12-08 CVE-2005-4095 Directory Traversal vulnerability in DoceboLMS 2.0.4
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
network
low complexity
docebolms
5.0
2005-12-08 CVE-2005-4094 Unspecified vulnerability in DoceboLMS 2.0.4
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.
network
low complexity
docebolms
7.5
2005-12-08 CVE-2005-4092 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple iTunes and QuickTime
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files.
network
low complexity
apple CWE-119
7.5
2005-12-08 CVE-2005-4091 Cross-Site Scripting vulnerability in 1-Script 1-Search 1.8
Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
network
1-script
4.3
2005-12-08 CVE-2005-4090 IPSec Unauthorized Remote Access vulnerability in HP-UX
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
network
low complexity
hp
critical
10.0
2005-12-08 CVE-2005-4089 Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
network
microsoft CWE-264
7.1