Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-02-14 | CVE-2005-0411 | Unspecified vulnerability in Citrusdb Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. | 7.5 |
| 2005-02-14 | CVE-2005-0410 | Unspecified vulnerability in Citrusdb SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | 5.0 |
| 2005-02-14 | CVE-2005-0409 | Unspecified vulnerability in Citrusdb CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities. | 6.4 |
| 2005-02-14 | CVE-2005-0408 | Use of Password Hash With Insufficient Computational Effort vulnerability in Citrusdb 0.3.6 CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. | 9.8 |
| 2005-02-14 | CVE-2005-0406 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Image Processing Project Image Processing A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image. | 5.5 |
| 2005-02-12 | CVE-2005-0430 | Remote Denial of Service vulnerability in ID Software Quake 3 Engine Infostring Query The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | 5.0 |
| 2005-02-11 | CVE-2005-0114 | Local Denial of Service vulnerability in Zone Labs ZoneAlarm vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer. | 2.1 |
| 2005-02-11 | CVE-2005-0074 | Local Buffer Overflow vulnerability in Xpcd 2.08 Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code. | 7.2 |
| 2005-02-10 | CVE-2005-0364 | Denial-Of-Service vulnerability in HP Hp-Ux 11.00/11.11/11.23 Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service. | 5.0 |
| 2005-02-10 | CVE-2005-0261 | Local File Disclosure vulnerability in IBM AIX LSPath Unauthorized lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files. | 2.1 |