Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2005-05-02 | CVE-2005-1041 | Local Denial of Service vulnerability in Linux Kernel 2.6.20.1 | 2.1
The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.
local, low complexity, linux

2005-05-02 | CVE-2005-1040 | Unspecified vulnerability in Novell Linux Desktop 9 | 7.2
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."
local, low complexity, novell

2005-05-02 | CVE-2005-1039 | Local Race Condition vulnerability in GNU Coreutils 5.2.1 | 3.7
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
local, high complexity, gnu

2005-05-02 | CVE-2005-1038 | | 2.1
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink.
local, low complexity, paul-vixie, redhat

2005-05-02 | CVE-2005-1037 | Unspecified vulnerability in IBM AIX 5.3.0 | critical 10.0
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
network, low complexity, ibm

2005-05-02 | CVE-2005-1036 | Missing Initialization of Resource vulnerability in Freebsd | 7.8
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
local, low complexity, freebsd, CWE-909

2005-05-02 | CVE-2005-1034 | Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1 | 5.0
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
network, low complexity, netwin

2005-05-02 | CVE-2005-1033 | Unspecified vulnerability in Devellion Cubecart 2.0.6 | 5.0
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.
network, low complexity, devellion

2005-05-02 | CVE-2005-1031 | Remote Arbitrary File Upload vulnerability in RunCMS | 5.0
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.
network, low complexity, e-xoops, runcms

2005-05-02 | CVE-2005-1030 | Cross-Site Scripting vulnerability in Active web Softwares Active Auction House 7.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.