Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-07-27 CVE-2005-2384 Directory Traversal vulnerability in Alwil Avast Antivirus 4.6.460/4.6.665
Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) ..
network
low complexity
alwil
5.0
2005-07-27 CVE-2005-2335 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Fetchmail
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses.
network
low complexity
fetchmail CWE-119
5.0
2005-07-26 CVE-2005-2383 SQL Injection vulnerability in PHPnews 1.2.5
SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request.
network
low complexity
phpnews
7.5
2005-07-26 CVE-2005-2382 Local Privilege Escalation vulnerability in Oray PeanutHull 3.0.1.0
Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality.
local
low complexity
oray
7.2
2005-07-26 CVE-2005-2381 Information Disclosure vulnerability in PHP Surveyor 0.98
PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message.
network
low complexity
php-surveyor
5.0
2005-07-26 CVE-2005-2380 Cross-Site Scripting vulnerability in PHP Surveyor 0.98
Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php.
network
low complexity
php-surveyor
5.0
2005-07-26 CVE-2005-2379 Cross-Site Scripting vulnerability in Oracle Reports 9.0.2
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
network
oracle
4.3
2005-07-26 CVE-2005-2378 Path Traversal vulnerability in Oracle Reports
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet.
network
low complexity
oracle CWE-22
5.0
2005-07-26 CVE-2005-2377 Denial-Of-Service vulnerability in Mandrakesoft Mandrake Linux and Mandrake Linux Corporate Server
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable.
network
low complexity
mandrakesoft
5.0
2005-07-26 CVE-2005-2376 Denial-Of-Service vulnerability in Toca Race Driver
Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message.
network
low complexity
codemasters
5.0