Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-07-11 | CVE-2005-2186 | Cross-Site Scripting vulnerability in IntruShield Security Management System Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. local mcafee | 1.9 |
2005-07-11 | CVE-2005-2185 | Remote Security vulnerability in Eroom eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | 7.5 |
2005-07-11 | CVE-2005-2184 | Remote Security vulnerability in Eroom eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. | 7.5 |
2005-07-11 | CVE-2005-2183 | Security Bypass vulnerability in PHPxmail 0.7/1.1 class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access. | 7.5 |
2005-07-11 | CVE-2005-2182 | Improper Verification of Cryptographic Signature vulnerability in Grandstream Bt-100 Firmware Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
2005-07-11 | CVE-2005-2181 | Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
2005-07-11 | CVE-2005-2180 | Local Security vulnerability in Gnats 4.0/4.1.0 gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | 2.1 |
2005-07-11 | CVE-2005-2179 | Remote Security vulnerability in JAWS PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter. | 5.0 |
2005-07-11 | CVE-2005-2178 | Remote Security vulnerability in Probe.Cgi probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. | 7.5 |
2005-07-11 | CVE-2005-2177 | Improper Input Validation vulnerability in Net-Snmp Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. | 5.0 |