Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-01-27 | CVE-2004-0884 | Remote And Local vulnerability in Cyrus SASL The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. | 7.2 |
2005-01-27 | CVE-2004-0882 | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | 10.0 |
2005-01-27 | CVE-2004-0881 | getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. | 2.1 |
2005-01-27 | CVE-2004-0880 | getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. | 1.2 |
2005-01-26 | CVE-2005-0162 | Remote Buffer Overflow vulnerability in Xelerance Corporation Openswan XAUTH/PAM Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. | 7.2 |
2005-01-26 | CVE-2004-1340 | Unspecified vulnerability in Debian Linux 3.0 Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information. | 2.1 |
2005-01-26 | CVE-2003-1021 | Local Command Line Buffer Overflow vulnerability in SCO scosession The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline. | 7.2 |
2005-01-25 | CVE-2005-0309 | Cross-Site Scripting vulnerability in Exponent 0.95 Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter. network exponent | 4.3 |
2005-01-25 | CVE-2005-0307 | Input Validation vulnerability in Mercuryboard 1.1/1.1.1 Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. network mercuryboard | 4.3 |
2005-01-25 | CVE-2005-0306 | Input Validation vulnerability in Mercuryboard 1.1/1.1.1 MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message. | 5.0 |