Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-02 | CVE-2005-2496 | Unspecified vulnerability in Dave Mills Ntpd The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended. | 4.6 |
| 2005-09-02 | CVE-2005-1915 | Unspecified vulnerability in Log4Sh 1.2.3/1.2.4/1.2.5 The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames. | 2.1 |
| 2005-09-02 | CVE-2005-2766 | Unspecified vulnerability in Symantec Norton Antivirus 9.0.1.1.1000/9.0.4 Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. | 2.1 |
| 2005-09-01 | CVE-2005-2765 | Local Security vulnerability in Microsoft Windows 2003 Server and Windows XP The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. | 2.1 |
| 2005-09-01 | CVE-2005-0403 | Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. | 7.2 |
| 2005-08-31 | CVE-2005-2761 | Unspecified vulnerability in PHPgroupware 0.9.16.000 Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. network phpgroupware | 4.3 |
| 2005-08-30 | CVE-2005-2655 | Unspecified vulnerability in Maildrop lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | 10.0 |
| 2005-08-30 | CVE-2005-2654 | Unspecified vulnerability in PHPldapadmin Project PHPldapadmin phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set. | 7.5 |
| 2005-08-30 | CVE-2005-2737 | Unspecified vulnerability in Photopost PHP PRO 5.1 Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. network photopost | 4.3 |
| 2005-08-30 | CVE-2005-2736 | Unspecified vulnerability in Yapig Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. network yapig | 4.3 |