Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-27 | CVE-2005-1787 | Improper Input Validation vulnerability in PHPstat setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable. | 7.5 |
| 2005-05-27 | CVE-2005-1784 | Remote Security vulnerability in Hosting Controller 6.1.0 Hotfix 3.2 Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp. | 7.5 |
| 2005-05-26 | CVE-2005-1828 | Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-504T Firmware D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2005-05-26 | CVE-2005-1801 | Remote Denial of Service vulnerability in Nokia 9500 vCard Viewer The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it. | 2.6 |
| 2005-05-26 | CVE-2005-1797 | Unspecified vulnerability in Openssl The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | 5.1 |
| 2005-05-26 | CVE-2005-1782 | Cross-Site Scripting vulnerability in W.M.R. Simpson Bookreview 1.0 Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. network w-m-r-simpson | 4.3 |
| 2005-05-26 | CVE-2005-1523 | Remote Format String vulnerability in GNU Mailutils 0.5/0.6 Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | 7.5 |
| 2005-05-26 | CVE-2005-1522 | Remote Denial of Service vulnerability in GNU Mailutils 0.5/0.6 The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | 5.0 |
| 2005-05-26 | CVE-2005-1521 | Remote Integer Overflow vulnerability in GNU Mailutils 0.5/0.6 Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | 7.5 |
| 2005-05-26 | CVE-2005-1520 | Buffer Overflow vulnerability in GNU Mailutils 0.5/0.6 Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail. | 7.5 |