Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-29 | CVE-2005-3889 | Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads. | 7.8 |
| 2005-11-29 | CVE-2005-3888 | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped. | 7.8 |
| 2005-11-29 | CVE-2005-2124 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." | 7.6 |
| 2005-11-29 | CVE-2005-2123 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | 7.5 |
| 2005-11-29 | CVE-2005-3886 | Local Privilege Escalation vulnerability in Cisco Security Agent Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. | 7.2 |
| 2005-11-29 | CVE-2005-3884 | SQL Injection vulnerability in Zainu 2.0 Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php. | 7.5 |
| 2005-11-29 | CVE-2005-3882 | SQL Injection vulnerability in FAQRing Answer.PHP SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-11-29 | CVE-2005-3881 | SQL Injection vulnerability in Altantisfaq Altantis Knowledge Base Software SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | 7.5 |
| 2005-11-29 | CVE-2005-3880 | SQL Injection vulnerability in KBase Express Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php. | 7.5 |
| 2005-11-29 | CVE-2005-3879 | SQL Injection vulnerability in Softbiz Resource Repository Script 1.1 Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php. | 7.5 |