Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4762 | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1: BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges. | 7.2 |
2005-12-31 | CVE-2005-4757 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1: BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections. | 7.5 |
2005-12-31 | CVE-2005-4756 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1: BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. | 7.5 |
2005-12-31 | CVE-2005-4750 | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1: BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. | 7.5 |
2005-12-31 | CVE-2005-4746 | RLM_SQLCounter Buffer Overflow vulnerability in Freeradius 1.0.3/1.0.4: Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". | 7.8 |
2005-12-31 | CVE-2005-4745 | SQL Injection vulnerability in Freeradius 1.0.3/1.0.4: SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2005-12-31 | CVE-2005-4741 | Local PTrace Privilege Escalation vulnerability in NetBSD: NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. | 7.5 |
2005-12-31 | CVE-2005-4737 | Multiple vulnerability in IBM DB2 Universal Database: IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. | 7.5 |
2005-12-31 | CVE-2005-4729 | SQL Injection vulnerability in Vbzoom 1.11: SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. | 7.5 |
2005-12-31 | CVE-2005-4725 | Security Bypass vulnerability in Geeklog (Extended Japanese Package): Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID. | 7.5 |