Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-02-21 | CVE-2005-0494 | Denial-Of-Service vulnerability in Thomson Cable Modem Tcw690 The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request. | 7.5 |
2005-02-21 | CVE-2005-0467 | Remote Security vulnerability in PUTTY Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated. | 7.5 |
2005-02-20 | CVE-2005-0499 | Denial-Of-Service vulnerability in Gigafast Router Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries. | 5.0 |
2005-02-19 | CVE-2005-0513 | Remote File Include vulnerability in Pmachine PRO 2.4 PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086. | 7.5 |
2005-02-19 | CVE-2005-0495 | Cross-Site Scripting vulnerability in Zeroboard Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. network zeroboard | 4.3 |
2005-02-19 | CVE-2005-0092 | Multiple vulnerability in Red Hat Enterprise Linux Kernel Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash). | 2.1 |
2005-02-18 | CVE-2005-0519 | Unspecified vulnerability in Argosoft FTP Server ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520. | 10.0 |
2005-02-18 | CVE-2005-0502 | Directory Traversal vulnerability in Xinkaa web Station Xinkaa web Station 1.0.3 Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request. | 5.0 |
2005-02-18 | CVE-2005-0242 | Unspecified vulnerability in Yahoo Messenger The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. | 4.6 |
2005-02-17 | CVE-2005-0462 | Cross-Site Scripting vulnerability in Mercuryboard 1.0/1.1/1.1.1 Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter. network mercuryboard | 4.3 |