Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-16 | CVE-2005-2950 | Cross-Site Scripting vulnerability in Sawmill: Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request. | 4.3 |
2005-09-16 | CVE-2005-2949 | Authentication Bypass vulnerability in Mark D. Roth PAM PER User 0.1/0.2/0.3: pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login. | 7.5 |
2005-09-16 | CVE-2005-2948 | KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess. | 2.1 |
2005-09-16 | CVE-2005-2947 | Local Privilege Escalation vulnerability in KillProcess: Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource. | 5.1 |
2005-09-16 | CVE-2005-2946 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products: The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | 7.5 |
2005-09-16 | CVE-2005-2657 | Unspecified vulnerability in Common-Lisp-Controller 4.18: Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. | 4.6 |
2005-09-16 | CVE-2005-2945 | Unspecified vulnerability in ARC: arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). | 2.1 |
2005-09-16 | CVE-2005-2944 | Local Security vulnerability in Brent ELY Gnome Workstation Command Center 0.9.8: The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file. | 4.6 |
2005-09-16 | CVE-2005-2877 | Remote Arbitrary Command Execution vulnerability in TWiki TWikiUsers: The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. | 7.5 |
2005-09-15 | CVE-2005-2935 | Local Security vulnerability in Microsoft AntiSpyware: Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. | 4.6 |