Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-01 | CVE-2005-2757 | Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009 Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." | 7.5 |
2005-11-30 | CVE-2005-3929 | Directory Traversal vulnerability in Xaraya Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php. | 5.0 |
2005-11-30 | CVE-2005-3928 | Local Buffer Overflow vulnerability in QNX Rtos 6.2.1/6.3.0 Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument. | 4.6 |
2005-11-30 | CVE-2005-3927 | Local File Include and Information Disclosure vulnerability in GuppY Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php. | 6.4 |
2005-11-30 | CVE-2005-3926 | Remote File Include and Command Execution vulnerability in GuppY Error.PHP Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script. | 7.5 |
2005-11-30 | CVE-2005-3925 | SQL Injection vulnerability in Helpdesk Issue Manager Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php. | 7.5 |
2005-11-30 | CVE-2005-3923 | Information Disclosure vulnerability in Netobjects Fusion 9 NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site. | 5.0 |
2005-11-30 | CVE-2005-3922 | Heap Overflow vulnerability in Panda Software Antivirus Library ZOO Archive Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive. | 7.5 |
2005-11-30 | CVE-2005-3921 | HTML Injection vulnerability in Cisco IOS HTTP Service Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. | 2.6 |
2005-11-30 | CVE-2005-3920 | SQL Injection vulnerability in Babe Logger Babe Logger 2 SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php. | 7.5 |