Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-20 | CVE-2005-3346 | Buffer Overflow vulnerability in OSH 1.7.14 Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | 7.2 |
| 2005-11-20 | CVE-2005-3694 | Remote Denial of Service vulnerability in Centericq 4.20.0R3 centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus. | 7.8 |
| 2005-11-19 | CVE-2005-3693 | Remote Security vulnerability in Axwebremovectrl The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm MediaMax DRM allows remote attackers to download and execute arbitrary code, a similar vulnerability to CVE-2005-3650. | 9.3 |
| 2005-11-19 | CVE-2005-3692 | Input Validation vulnerability in Amax Information Technologies Magic Winmail Server 4.2 Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments. network amax-information-technologies | 4.3 |
| 2005-11-19 | CVE-2005-3691 | Directory Traversal vulnerability in MailEnable IMAP Command Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands. | 5.0 |
| 2005-11-19 | CVE-2005-3690 | Buffer Overflow vulnerability in MailEnable IMAP Mailbox Name Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands. | 7.5 |
| 2005-11-19 | CVE-2005-3687 | cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. | 5.0 |
| 2005-11-19 | CVE-2005-3686 | SQL Injection vulnerability in Newsboard Unclassified Newsboard SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php. | 7.5 |
| 2005-11-19 | CVE-2005-3685 | HTML Injection vulnerability in Virtual Programming Vp-Asp 5.50 Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. network virtual-programming | 4.3 |
| 2005-11-19 | CVE-2005-3684 | Buffer Overflow vulnerability in Freeftpd 1.0.8 Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands. | 7.5 |