Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-12-21 | CVE-2005-4438 | Heap Overflow vulnerability in Dec2Rar.Dll 3.2.14.3 | Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field. | 7.5 |
2005-12-21 | CVE-2005-4437 | Unspecified vulnerability in Extended Interior Gateway Routing Protocol Extended Interior Gateway Routing Protocol 1.2 | MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. | 7.5 |
2005-12-21 | CVE-2005-4436 | Remote Denial Of Service vulnerability in Cisco EIGRP Protocol Unauthenticated Goodbye Packet | Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). | 7.8 |
2005-12-21 | CVE-2005-4431 | SQL-Injection vulnerability in Wowbb 1.65 | SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. | 7.5 |
2005-12-21 | CVE-2005-4430 | SQL Injection vulnerability in LogicBill | SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | 7.5 |
2005-12-21 | CVE-2005-4429 | SQL Injection vulnerability in Cs-Cart 1.3.0 | SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. | 7.5 |
2005-12-21 | CVE-2005-4348 | Resource Management Errors vulnerability in Fetchmail | fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. | 7.8 |
2005-12-20 | CVE-2005-4427 | Input Validation vulnerability in Cerberus Helpdesk 2.649 | Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. | 7.5 |
2005-12-20 | CVE-2005-4425 | Denial of Service vulnerability in Kerio WinRoute Firewall RTSP Stream | Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. | 7.8 |
2005-12-20 | CVE-2005-4421 | Unspecified vulnerability in Dev-Editor | Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name. | 7.5 |