Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-07 | CVE-2005-4048 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. | 7.5 |
2005-12-07 | CVE-2005-4047 | Cross-Site Scripting vulnerability in Iisworks Aspknowledgebase 2.0 Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter. network iisworks | 4.3 |
2005-12-07 | CVE-2005-4046 | Man In The Middle vulnerability in SUN products Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy." | 4.0 |
2005-12-07 | CVE-2005-4045 | Unspecified vulnerability in SUN Java Communications Services Delegated Administrator 6 Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif. | 7.5 |
2005-12-07 | CVE-2005-3191 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. | 5.1 |
2005-12-07 | CVE-2005-2931 | Remote Format String vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. | 7.5 |
2005-12-07 | CVE-2005-2923 | Improper Input Validation vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. | 4.0 |
2005-12-07 | CVE-2005-3193 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. | 5.1 |
2005-12-06 | CVE-2005-4044 | Cross-Site Scripting vulnerability in Amazon Search Directory Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter. network mr-cgi-guy | 4.3 |
2005-12-06 | CVE-2005-4043 | SQL Injection vulnerability in Hobosworld HobSR SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters. | 7.5 |