Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0265 | Cross-Site Scripting and SQL Injection vulnerability in OWL Intranet Engine 0.7/0.8 Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter. | 7.5 |
2005-05-02 | CVE-2005-0264 | Cross-Site Scripting and SQL Injection vulnerability in Owl Intranet Engine Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter. network owl | 4.3 |
2005-05-02 | CVE-2005-0263 | Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3 Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument. | 7.2 |
2005-05-02 | CVE-2005-0262 | Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3 Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. | 7.2 |
2005-05-02 | CVE-2005-0260 | Unspecified vulnerability in Broadcom Brightstor Arcserve Backup 11.1 Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call. | 10.0 |
2005-05-02 | CVE-2005-0256 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Washington University Wu-Ftpd 2.6.1/2.6.2 The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. | 5.0 |
2005-05-02 | CVE-2005-0255 | Remote vulnerability in Mozilla Firefox, Mozilla and Thunderbird String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. | 5.0 |
2005-05-02 | CVE-2005-0250 | Local Format String vulnerability in IBM AIX 5.1/5.2/5.3 Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. | 7.2 |
2005-05-02 | CVE-2005-0248 | Unspecified vulnerability in SUN Solaris and Sunos The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. | 7.5 |
2005-05-02 | CVE-2005-0247 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Postgresql Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245. | 6.5 |