Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-18 | CVE-2005-1644 | HTML Injection vulnerability in 1Two Livre D OR 1.0 Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters. network 1two | 6.8 |
2005-05-18 | CVE-2005-0757 | Denial Of Service vulnerability in Linux Kernel 64 Bit EXT3 Filesystem Extended Attribute The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. | 2.1 |
2005-05-18 | CVE-2005-0515 | Local Insecure File Creation vulnerability in Webroot Software MY Firewall Plus 5.0 Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files. | 2.1 |
2005-05-18 | CVE-2005-0134 | Unspecified vulnerability in SCO Unixware 7.1.1/7.1.3/7.1.4 The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets. | 4.6 |
2005-05-17 | CVE-2005-1643 | Denial-Of-Service vulnerability in Zoidcom The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read. | 5.0 |
2005-05-17 | CVE-2005-1642 | Unspecified vulnerability in Woltlab Burning Board 2.0 SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable. | 7.5 |
2005-05-17 | CVE-2005-1641 | Unspecified vulnerability in the Ignition Project Ignitionserver mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service. | 2.1 |
2005-05-17 | CVE-2005-1640 | Security Bypass vulnerability in ignitionServer mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions. | 7.5 |
2005-05-17 | CVE-2005-1638 | Unspecified vulnerability in Pixel-Apes Group Safehtml The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection. network pixel-apes-group | 4.3 |
2005-05-17 | CVE-2005-1637 | Unspecified vulnerability in Npds 4.8/5.0 Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php. | 7.5 |