Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2005-09-09 | CVE-2005-2871 | Remote Buffer Overflow vulnerability in Mozilla/Netscape/Firefox Browsers Domain Name | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | network, low complexity, mozilla | 7.5 |
| 2005-09-08 | CVE-2005-2870 | Remote Security vulnerability in SUN Solaris 10.0 | Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | network, low complexity, sun | 7.5 |
| 2005-09-08 | CVE-2005-2869 | Unspecified vulnerability in PHPmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. | network, phpmyadmin | 4.3 |
| 2005-09-08 | CVE-2005-2867 | SQL Injection vulnerability in BlueWhaleCRM AccountID | SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field. | network, low complexity, bluewhalecrm | 7.5 |
| 2005-09-08 | CVE-2005-2866 | | Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges. | local, low complexity, mercora | 4.6 |
| 2005-09-08 | CVE-2005-2865 | Remote Security vulnerability in Amember 2.3.4 | Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php. | network, low complexity, amember | 7.5 |
| 2005-09-08 | CVE-2005-2864 | Local Security vulnerability in Urban | URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. | local, low complexity, urban | 2.1 |
| 2005-09-08 | CVE-2005-2863 | Cross-Site Scripting vulnerability in Open Webmail Open Webmail 2.41 | Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | network, open-webmail | 4.3 |
| 2005-09-08 | CVE-2005-2862 | Remote Security vulnerability in Road Runner Adsl Road Runner Modem Annexa | ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access. | network, low complexity, road-runner | 7.5 |
| 2005-09-08 | CVE-2005-2861 | HTML Injection vulnerability in N-Stalker N-Stealth Commercial5.8/Free5.8 | Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | network, n-stalker | 4.3 |