Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-11-17 CVE-2005-3644 Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
network
low complexity
microsoft CWE-399
7.8
2005-11-16 CVE-2005-3643 Authentication Bypass vulnerability in IBM DB2 Windows XP Simple File Sharing
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account without supplying a password.
network
low complexity
ibm
7.5
2005-11-16 CVE-2005-3642 Authentication Bypass vulnerability in IBM Informix Dynamic Server Windows XP Simple File Sharing
IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username.
network
low complexity
ibm
7.5
2005-11-16 CVE-2005-3641 Authentication Bypass vulnerability in Oracle Database Windows XP Simple File Sharing
Oracle Databases running on Windows XP with Simple File Sharing enabled allow remote attackers to bypass authentication by supplying a valid username.
network
low complexity
oracle
7.5
2005-11-16 CVE-2005-3639 Local File Include vulnerability in Help Center Live
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.
network
low complexity
ubertec
7.5
2005-11-16 CVE-2005-3596 Unspecified vulnerability in Iisworks Aspknowledgebase
SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp.
network
low complexity
iisworks
7.5
2005-11-16 CVE-2005-3591 Improper Input Validation vulnerability in Macromedia Flash Player
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.
network
low complexity
macromedia CWE-20
7.5
2005-11-16 CVE-2005-3589 Remote Client-Side Buffer Overflow vulnerability in Filezilla Server Terminal 0.9.4D
Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.
network
low complexity
filezilla
7.8
2005-11-16 CVE-2005-3588 SQL-Injection vulnerability in Advanced Guestbook Advanced Guestbook 2.2
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field.
network
low complexity
advanced-guestbook
7.5
2005-11-16 CVE-2005-3585 SQL Injection vulnerability in PHPwebthings 1.4.4
SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter.
network
low complexity
phpwebthings
7.5