Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2005-12-31 | CVE-2005-3540 | Local Buffer Overflow vulnerability in Petris | 7.5
Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.
network / low complexity / petris

2005-12-31 | CVE-2005-3539 | Scripts Remote Command Execution vulnerability in Hylafax | 7.5
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
network / low complexity / hylafax

2005-12-31 | CVE-2005-3538 | Remote PAM Authentication Bypass vulnerability in Ifax Solutions Hylafax 4.2.3 | 7.5
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.
network / low complexity / ifax-solutions

2005-12-31 | CVE-2005-3340 | Unspecified vulnerability in NEW Breed Software TUX Paint 0.9.14 | 7.2
The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.
local / low complexity / new-breed-software

2005-12-31 | CVE-2005-3188 | Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.094 | 7.6
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.
network / high complexity / nullsoft

2005-12-31 | CVE-2005-3058 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate and Fortios | 7.5
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
network / low complexity / fortinet / CWE-264

2005-12-31 | CVE-2005-2934 | Local Privilege Escalation vulnerability in SCO Unixware 7.1.3/7.1.4 | 7.2
Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors.
local / low complexity / sco

2005-12-31 | CVE-2005-2932 | Permissions, Privileges, and Access Controls vulnerability in Checkpoint Zonealarm and Zonealarm Security Suite | 7.2
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.
local / low complexity / checkpoint / CWE-264

2005-12-31 | CVE-2005-2712 | Denial of Service vulnerability in Lotus Domino LDAP | 7.8
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
network / low complexity / ibm

2005-12-31 | CVE-2005-2711 | Local Privilege Escalation vulnerability in Internet Security Systems BlackICE and RealSecure Desktop | 7.2
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
local / low complexity / iss