Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-18 | CVE-2005-1653 | Input Validation and Information Disclosure vulnerability in Woppoware Postmaster 4.2.2Build3.2.5 Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter. network woppoware | 6.8 |
2005-05-18 | CVE-2005-1652 | Input Validation and Information Disclosure vulnerability in Woppoware Postmaster 4.2.2Build3.2.5 message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter. | 7.5 |
2005-05-18 | CVE-2005-1651 | Input Validation and Information Disclosure vulnerability in Woppoware Postmaster 4.2.2Build3.2.5 Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. | 7.5 |
2005-05-18 | CVE-2005-1649 | Denial of Service vulnerability in Microsoft Windows 2003 Server and Windows XP The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016). | 5.0 |
2005-05-18 | CVE-2005-1648 | Remote Security vulnerability in Gurgens Ultimate Forum 2.1 Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords. | 7.5 |
2005-05-18 | CVE-2005-1647 | Remote Security vulnerability in Gurgens Guest Book 2.1 Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords. | 7.5 |
2005-05-18 | CVE-2005-1646 | Denial-Of-Service vulnerability in Fastream Netfile FTP web Server 7.4.6 The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service. | 7.5 |
2005-05-18 | CVE-2005-1645 | Unspecified vulnerability in Keyvan1 Imagegallery Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-05-18 | CVE-2005-1644 | HTML Injection vulnerability in 1Two Livre D OR 1.0 Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters. network 1two | 6.8 |
2005-05-18 | CVE-2005-0757 | Denial Of Service vulnerability in Linux Kernel 64 Bit EXT3 Filesystem Extended Attribute The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. | 2.1 |