Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-06-14 CVE-2005-1207 Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP
Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
local
low complexity
microsoft
7.2
2005-06-14 CVE-2005-1206 Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
network
low complexity
microsoft
7.5
2005-06-14 CVE-2005-1205 Remote Information Disclosure vulnerability in Multiple Vendor Telnet Client
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
network
low complexity
microsoft
5.0
2005-06-14 CVE-2005-0563 Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5
Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc
ript:") in an IMG tag.
network
microsoft CWE-79
4.3
2005-06-14 CVE-2005-0488 Remote Information Disclosure vulnerability in Multiple Vendor Telnet Client
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
network
low complexity
microsoft mit sun
5.0
2005-06-13 CVE-2005-1972 SQL-Injection vulnerability in Interactivephp Fusionbb 11Beta
Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username, which is not properly handled by the insertUser function, or (2) the bb_session_id value in a cookie.
network
low complexity
interactivephp
7.5
2005-06-13 CVE-2005-1936 Remote Authentication Bypass vulnerability in Xerox Document Centre ESS/Network Controller Web Server
Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."
network
low complexity
xerox
7.5
2005-06-13 CVE-2005-1935 Remote Security vulnerability in Windows NT Terminal Server
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818.
network
low complexity
microsoft
7.5
2005-06-13 CVE-2005-1933 Remote Security vulnerability in Apple mac OS X 10.4
Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474.
network
low complexity
apple
7.5
2005-06-13 CVE-2005-1760 Information Disclosure vulnerability in RedHat Linux SysReport Proxy
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
network
low complexity
redhat
7.5