Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-08 | CVE-2005-4068 | Absolute Path Security vulnerability in IBM AIX 5.1/5.2/5.3 Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors. | 7.2 |
| 2005-12-08 | CVE-2005-3192 | Buffer Errors vulnerability in Xpdf 3.0.1 Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. | 7.5 |
| 2005-12-07 | CVE-2005-4066 | Cryptographic Issues vulnerability in Christian Ghisler Total Commander 6.53 Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. | 4.9 |
| 2005-12-07 | CVE-2005-4065 | SQL Injection vulnerability in Edgewall Software Trac Search Module SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2005-12-07 | CVE-2005-4064 | SQL Injection vulnerability in Alan Ward A-Faq 1.0 Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp. | 7.5 |
| 2005-12-07 | CVE-2005-4063 | Cross-Site Scripting vulnerability in NetauctionHelp Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp. network netauctionhelp | 4.3 |
| 2005-12-07 | CVE-2005-4062 | Cross-Site Scripting vulnerability in XcClassified CPSearch.ASP Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. network xcent | 4.3 |
| 2005-12-07 | CVE-2005-4061 | Cross-Site Scripting vulnerability in XcPhotoAlbum PASearch.ASP Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. network xcent | 4.3 |
| 2005-12-07 | CVE-2005-4060 | Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 4.0/5.0 Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | 4.3 |
| 2005-12-07 | CVE-2005-4059 | Unspecified vulnerability in Locazo Locazolist SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter. | 7.5 |