Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-12-15 | CVE-2005-4270 | Remote Buffer Overflow vulnerability in Watchfire Appscan QA 5.0.134/5.0.609 | Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. | 7.5 |
2005-12-15 | CVE-2005-4269 | Denial-Of-Service vulnerability in Microsoft IE, Windows 2003 Server and Windows XP | mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. | 7.8 |
2005-12-15 | CVE-2005-4266 | Remote Security vulnerability in Mdaemon | WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value. | 7.5 |
2005-12-15 | CVE-2005-4264 | SQL Injection vulnerability in Triangle Solutions PHP Support Tickets 2.0 | Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id parameter. | 7.5 |
2005-12-15 | CVE-2005-4263 | SQL Injection vulnerability in Envolution | SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter. | 7.5 |
2005-12-15 | CVE-2005-4261 | Perl Security vulnerability in Positive Software Corporation CP+ | Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure. | 7.8 |
2005-12-15 | CVE-2005-4259 | SQL Injection vulnerability in Aspbb 0.4 | Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp. | 7.5 |
2005-12-15 | CVE-2005-4258 | Cisco Catalyst Switches LanD Packet Denial Of Service vulnerability in Multiple | Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). | 7.8 |
2005-12-15 | CVE-2005-4257 | Denial Of Service vulnerability in Multiple Linksys Routers LanD Packet | Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). | 7.8 |
2005-12-15 | CVE-2005-4254 | SQL Injection vulnerability in Dreamlevels Dream Poll 3.0Final | SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |