Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-18 | CVE-2005-0515 | Local Insecure File Creation vulnerability in Webroot Software MY Firewall Plus 5.0 Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files. | 2.1 |
2005-05-18 | CVE-2005-0134 | Unspecified vulnerability in SCO Unixware 7.1.1/7.1.3/7.1.4 The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets. | 4.6 |
2005-05-17 | CVE-2005-1643 | Denial-Of-Service vulnerability in Zoidcom The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read. | 5.0 |
2005-05-17 | CVE-2005-1642 | Unspecified vulnerability in Woltlab Burning Board 2.0 SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable. | 7.5 |
2005-05-17 | CVE-2005-1641 | Unspecified vulnerability in the Ignition Project Ignitionserver mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service. | 2.1 |
2005-05-17 | CVE-2005-1640 | Security Bypass vulnerability in ignitionServer mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions. | 7.5 |
2005-05-17 | CVE-2005-1638 | Unspecified vulnerability in Pixel-Apes Group Safehtml The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection. network pixel-apes-group | 4.3 |
2005-05-17 | CVE-2005-1637 | Unspecified vulnerability in Npds 4.8/5.0 Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php. | 7.5 |
2005-05-17 | CVE-2005-1636 | mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. | 4.6 |
2005-05-17 | CVE-2005-1635 | Remote Security vulnerability in Jgs-Portal JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to (1) jgs_portal_ref.php, (2) jgs_portal_land.php, (3) jgs_portal_log.php, (4) jgs_portal_global_sponsor.php, (5) jgs_portal_global.php, (6) jgs_portal_system.php, (7) jgs_portal_views.php; or multiple files in the jgs_portal_include directory, including (8) jgs_portal_boardmenue.php, (9) jgs_portal_forenliste.php, (10) jgs_portal_geburtstag.php, (11) jgs_portal_guckloch.php, (12) jgs_portal_kalender.php, (13) jgs_portal_letztethemen.php, (14) jgs_portal_links.php, (15) jgs_portal_neustemember.php, (16) jgs_portal_newsboard.php, (17) jgs_portal_online.php, (18) jgs_portal_pn.php, (19) jgs_portal_portalmenue.php, (20) jgs_portal_styles.php, (21) jgs_portal_suchen.php, (22) jgs_portal_team.php, (23) jgs_portal_topforen.php, (24) jgs_portal_topposter.php, (25) jgs_portal_umfrage.php, (26) jgs_portal_useravatar.php, (27) jgs_portal_waronline.php, (28) jgs_portal_woonline.php, or (29) jgs_portal_zufallsavatar.php. | 5.0 |