Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-12-14 CVE-2005-4217 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X Server 10.3.9
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
network
low complexity
apple CWE-264
7.5
2005-12-14 CVE-2005-4216 Remote Denial of Service vulnerability in Macromedia Flash Media Server 2.0/2.0R1145
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
network
low complexity
macromedia
7.8
2005-12-14 CVE-2005-4215 Denial Of Service vulnerability in Motorola Cable Modem Sb5100E
Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND).
network
low complexity
motorola
7.8
2005-12-14 CVE-2005-4213 SQL Injection vulnerability in Coinsoft Technologies phpCOIN 1.2.2
SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.
network
low complexity
coinsoft-technologies
7.5
2005-12-14 CVE-2005-4211 Unspecified vulnerability in Coinsoft Technologies phpCOIN 1.2.2
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.
network
low complexity
coinsoft-technologies
7.5
2005-12-14 CVE-2005-2831 Unspecified vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
network
low complexity
microsoft
7.5
2005-12-14 CVE-2005-2827 Local Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
local
low complexity
microsoft
7.2
2005-12-13 CVE-2005-4207 SQL Injection vulnerability in BTGrup Admin WebController
SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields.
network
low complexity
btgrup
7.5
2005-12-13 CVE-2005-4203 Directory Traversal vulnerability in LogiSphere 0.9.9j
LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command.
network
low complexity
logisphere
7.8
2005-12-13 CVE-2005-4199 SQL Injection vulnerability in MyBB 1.0
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
network
low complexity
mybb CWE-89
7.5