Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-21 | CVE-2005-3277 | Unspecified vulnerability in HP Hp-Ux 10.20/11.00/11.11 The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473. | 10.0 |
| 2005-10-21 | CVE-2005-2126 | Unspecified vulnerability in Microsoft products The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | 2.6 |
| 2005-10-21 | CVE-2005-2122 | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118. | 10.0 |
| 2005-10-21 | CVE-2005-2118 | Remote Code Execution Variant vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122. | 5.1 |
| 2005-10-21 | CVE-2005-2117 | Unspecified vulnerability in Microsoft products Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code. | 5.1 |
| 2005-10-21 | CVE-2005-3274 | NULL Pointer Dereference vulnerability in multiple products Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | 4.7 |
| 2005-10-21 | CVE-2005-3270 | Local Privilege Escalation vulnerability in Symantec Norton Antivirus 9.0.3 Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | 7.2 |
| 2005-10-20 | CVE-2005-3269 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN products Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges. | 7.5 |
| 2005-10-20 | CVE-2005-3268 | Unspecified vulnerability in Raphael Bossek Yiff Server 2.14.2.7 yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. | 2.1 |
| 2005-10-20 | CVE-2005-3121 | Unspecified vulnerability in Eduard Bloch Module-Assistant A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations. | 2.1 |