Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-19 | CVE-2005-1672 | Unspecified vulnerability in Ubertec Help Center Live Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket. network ubertec | 4.3 |
2005-05-19 | CVE-2005-1671 | Information Disclosure vulnerability in Messenger The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. | 2.1 |
2005-05-19 | CVE-2005-1670 | Local Security vulnerability in ExtremeWare XOS Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands. | 4.6 |
2005-05-19 | CVE-2005-1472 | Unspecified vulnerability in Apple mac OS X 10.4.1 Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. | 2.1 |
2005-05-19 | CVE-2005-1455 | Buffer Overflow vulnerability in Freeradius 1.0.2 Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). | 7.5 |
2005-05-19 | CVE-2005-1454 | SQL Injection vulnerability in Freeradius 1.0.2 SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | 7.5 |
2005-05-19 | CVE-2005-1260 | Resource Exhaustion vulnerability in multiple products bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | 5.0 |
2005-05-19 | CVE-2005-0392 | Local Privilege Escalation vulnerability in PPXP ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | 7.2 |
2005-05-19 | CVE-2005-0040 | HTML Injection vulnerability in DotNetNuke User Registration Information Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log. network dotnetnuke | 4.3 |
2005-05-18 | CVE-2005-1667 | Remote Denial of Service vulnerability in Datatrac Activity Console 1.1 DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | 5.0 |