Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-09 | CVE-2005-4133 | Unspecified vulnerability in SUN Solaris 10.0 Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files. | 2.1 |
2005-12-09 | CVE-2005-4132 | Remote Command Execution vulnerability in Contenido Contendio 4.5.2Alpha/4.5.6Beta/4.6.0 Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. | 7.5 |
2005-12-09 | CVE-2005-4130 | Unspecified vulnerability in Realnetworks Realplayer ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. | 7.5 |
2005-12-09 | CVE-2005-4126 | Remote Code Execution vulnerability in Real Networks RealPlayer ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. | 7.5 |
2005-12-08 | CVE-2005-4095 | Directory Traversal vulnerability in Docebolms 2.0.4 Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command. | 5.0 |
2005-12-08 | CVE-2005-4094 | Unspecified vulnerability in Docebolms 2.0.4 connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script. | 7.5 |
2005-12-08 | CVE-2005-4092 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Quicktime Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. | 7.5 |
2005-12-08 | CVE-2005-4091 | Cross-Site Scripting vulnerability in 1-Script 1-Search 1.8 Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter. network 1-script | 4.3 |
2005-12-08 | CVE-2005-4090 | IPSec Unauthorized Remote Access vulnerability in HP-UX Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact. | 10.0 |
2005-12-08 | CVE-2005-4089 | Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." | 7.1 |