Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-05 | CVE-2005-3140 | Cleartext Transmission of Sensitive Information vulnerability in Procom Netforce 800 Firmware 4.02: Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | 7.5 |
2005-10-05 | CVE-2005-3139 | Information Disclosure vulnerability in Bugzilla User-Matching: Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. | 5.0 |
2005-10-05 | CVE-2005-3138 | Information Disclosure vulnerability in Bugzilla config.cgi: Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. | 5.0 |
2005-10-05 | CVE-2005-2966 | Remote Arbitrary Code Execution vulnerability in DIA 0.91/0.92.2/0.93: The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. | 5.1 |
2005-10-05 | CVE-2005-0023 | Unspecified vulnerability in Gnome Libvte4 and Libzvt2: gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. | 2.1 |
2005-10-05 | CVE-2005-3137 | Unspecified vulnerability in GNU Cfengine 1.6.5: The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. | 2.1 |
2005-10-05 | CVE-2005-2961 | Buffer Overflow vulnerability in Prozilla Download Accelerator 1.3.7.4: Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. | 7.5 |
2005-10-05 | CVE-2005-2960 | cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | 2.1 |
2005-10-05 | CVE-2005-2758 | Buffer Overflow vulnerability in Symantec products: Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. | 10.0 |
2005-10-04 | CVE-2005-3136 | Directory Traversal vulnerability in Virtools Web Player: Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. | 5.0 |