Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-19 | CVE-2005-1670 | Local Security vulnerability in ExtremeWare XOS Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands. | 4.6 |
| 2005-05-19 | CVE-2005-1472 | Unspecified vulnerability in Apple mac OS X 10.4.1 Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. | 2.1 |
| 2005-05-19 | CVE-2005-1455 | Buffer Overflow vulnerability in Freeradius 1.0.2 Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). | 7.5 |
| 2005-05-19 | CVE-2005-1454 | SQL Injection vulnerability in Freeradius 1.0.2 SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | 7.5 |
| 2005-05-19 | CVE-2005-1260 | Resource Exhaustion vulnerability in multiple products bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | 5.0 |
| 2005-05-19 | CVE-2005-0392 | Local Privilege Escalation vulnerability in PPXP ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | 7.2 |
| 2005-05-19 | CVE-2005-0040 | HTML Injection vulnerability in DotNetNuke User Registration Information Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log. network dotnetnuke | 4.3 |
| 2005-05-18 | CVE-2005-1667 | Remote Denial of Service vulnerability in Datatrac Activity Console 1.1 DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | 5.0 |
| 2005-05-18 | CVE-2005-1666 | Remote Buffer Overflow vulnerability in Orenosv HTTP/FTP Server FTP Commands Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe. | 7.5 |
| 2005-05-18 | CVE-2005-1665 | Denial-Of-Service vulnerability in ASP.Net 1.0/1.1 The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup. | 5.0 |