Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2005-05-16 CVE-2005-1590 Local Security vulnerability in Deployment Solution
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
Risk: local, low complexity, altiris, 4.6

2005-05-16 CVE-2005-1367 Unspecified vulnerability in Pico Server Pico Server
Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.
Risk: network, low complexity, pico-server, 7.5

2005-05-16 CVE-2005-1366 Remote Source Code Disclosure vulnerability in PServ
Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.
Risk: network, low complexity, pico-server, 7.5

2005-05-16 CVE-2005-1365 Directory Traversal vulnerability in Pserv
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
Risk: network, low complexity, pico-server, critical, 10.0

2005-05-16 CVE-2005-1248 Buffer Overflow vulnerability in Apple iTunes MPEG4 Parsing
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
Risk: network, low complexity, apple, 7.5

2005-05-16 CVE-2005-1193 Unspecified vulnerability in PHPbb Group PHPbb
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.
Risk: network, low complexity, phpbb-group, 7.5

2005-05-14 CVE-2005-1587 Cross-Site Scripting vulnerability in Open Solution Quick.Cart 0.3.0
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
Risk: network, open-solution, 4.3

2005-05-14 CVE-2005-1586 Information Disclosure vulnerability in Open Solution Quick.Forum 2.1.6
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
Risk: network, low complexity, open-solution, 5.0

2005-05-14 CVE-2005-1584 HTML Injection vulnerability in Open Solution Quick.Forum 2.1.6
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
Risk: network, open-solution, 4.3

2005-05-14 CVE-2005-1583 Remote Security vulnerability in 1Two News 1.0
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
Risk: network, low complexity, 1two, 5.0