Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-04-08 | CVE-2005-1094 | FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | 4.6 |
2005-04-08 | CVE-2005-1072 | Cross-Site Scripting vulnerability in Punbb: Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |
2005-04-08 | CVE-2005-1067 | Unspecified vulnerability in Access User Class Access User Class 1.6: Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new". | 7.5 |
2005-04-07 | CVE-2005-1087 | Unspecified vulnerability in AN An-Httpd 1.42N: CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. | 6.4 |
2005-04-07 | CVE-2005-0351 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SCO Openserver 5.0.6/5.0.7: Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable. | 4.6 |
2005-04-06 | CVE-2005-1096 | SQL Injection vulnerability in Ocean12 Membership Manager Pro: SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | 7.5 |
2005-04-06 | CVE-2005-1029 | SQL Injection vulnerability in Active web Softwares Active Auction House 7.1: Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp. | 7.5 |
2005-04-05 | CVE-2005-1035 | Unspecified vulnerability in Pavuk: Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact. | 7.5 |
2005-04-01 | CVE-2005-0749 | Local Denial of Service vulnerability in Linux Kernel Elf Binary Loading: The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer. | 7.2 |
2005-03-31 | CVE-2005-0957 | Authentication Bypass vulnerability in BAY Technical Associates Rpc3 Telnet F3.05: Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt. | 7.5 |