Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-11-18 CVE-2005-2936 Permissions, Privileges, and Access Controls vulnerability in Realnetworks Realone Player and Realplayer
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
local
low complexity
realnetworks CWE-264
7.2
2005-11-18 CVE-2005-2929 Permissions, Privileges, and Access Controls vulnerability in University of Kansas Lynx 2.8.5/2.8.6/2.8.6Dev13
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
network
low complexity
university-of-kansas CWE-264
7.5
2005-11-18 CVE-2005-1925 Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1/1.9.0
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
network
low complexity
tiki CWE-22
7.5
2005-11-18 CVE-2005-3662 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Greg Roelofs Pnmtopng
Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.
local
low complexity
greg-roelofs CWE-119
4.6
2005-11-18 CVE-2005-3348 Cross-Site Request Forgery (CSRF) vulnerability in PHPsysinfo
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
4.3
2005-11-18 CVE-2005-3347 Path Traversal vulnerability in PHPgroupware 0.9.16
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via ..
6.8
2005-11-18 CVE-2005-3189 Directory Traversal vulnerability in Qualcomm Worldmail Imap Server 3.0
Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command.
network
low complexity
qualcomm
5.0
2005-11-17 CVE-2005-3650 Code Injection vulnerability in First4Internet XCP DRM First4Internet XCP DRM
The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
network
first4internet-xcp-drm CWE-94
critical
9.3
2005-11-17 CVE-2005-3649 Remote Security vulnerability in Moodle 1.5.2
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
network
high complexity
moodle
2.6
2005-11-17 CVE-2005-3648 Unspecified vulnerability in Moodle 1.5.2
Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.
network
low complexity
moodle
7.5