Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2005-11-18 | CVE-2005-3663 | Local Security vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.0 | Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | local | low | kaspersky-lab | | 7.2 |
| 2005-11-18 | CVE-2005-3186 | Buffer Overflow vulnerability in GDK-Pixbuf/GTK XPM Images | Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. | network | low | gnome gtk | | 7.5 |
| 2005-11-18 | CVE-2005-2940 | Unspecified vulnerability in Microsoft Antispyware 1.0.509 | Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. | local | low | microsoft | | 7.2 |
| 2005-11-18 | CVE-2005-2939 | Unspecified vulnerability in VMWare Workstation 5.0.0Build13124 | Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | local | low | vmware | | 7.2 |
| 2005-11-18 | CVE-2005-2938 | Permissions, Privileges, and Access Controls vulnerability in Apple Itunes 4.7.1.30/5.0 | Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. | local | low | apple | CWE-264 | 7.2 |
| 2005-11-18 | CVE-2005-2936 | Permissions, Privileges, and Access Controls vulnerability in Realnetworks Realone Player and Realplayer | Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file. | local | low | realnetworks | CWE-264 | 7.2 |
| 2005-11-18 | CVE-2005-2929 | Permissions, Privileges, and Access Controls vulnerability in University of Kansas Lynx 2.8.5/2.8.6/2.8.6Dev13 | Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. | network | low | university-of-kansas | CWE-264 | 7.5 |
| 2005-11-18 | CVE-2005-1925 | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1/1.9.0 | Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | network | low | tiki | CWE-22 | 7.5 |
| 2005-11-17 | CVE-2005-3648 | Unspecified vulnerability in Moodle 1.5.2 | Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. | network | low | moodle | | 7.5 |
| 2005-11-17 | CVE-2005-3646 | SQL Injection vulnerability in multiple products | Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | network | low | phpadsnew phppgads | CWE-89 | 7.5 |