Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0818 | Unspecified vulnerability in Punbb 1.2.3 Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. network punbb | 4.3 |
2005-05-02 | CVE-2005-0817 | Unspecified vulnerability in Symantec products Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. | 5.0 |
2005-05-02 | CVE-2005-0816 | Local Buffer Overflow vulnerability in Sun Solaris NewGRP Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. | 7.2 |
2005-05-02 | CVE-2005-0815 | ISO9660 Filesystem Handling vulnerability in Linux Kernel Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | 6.4 |
2005-05-02 | CVE-2005-0814 | Unspecified vulnerability in Lysator LSH Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2005-05-02 | CVE-2005-0813 | Remote Buffer Overflow vulnerability in Initial Redirect Initial Redirect Squid Proxy Plug-In 0.1/0.2 Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. | 5.0 |
2005-05-02 | CVE-2005-0812 | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information. | 5.0 |
2005-05-02 | CVE-2005-0811 | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs. | 4.6 |
2005-05-02 | CVE-2005-0810 | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL. | 7.5 |
2005-05-02 | CVE-2005-0809 | Multiple vulnerability in Notify Technology Notifylink Enterpriseserver NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. | 7.5 |