Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-27 | CVE-2005-3317 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zipgenius Standard5.5.1.468/Suite5.5.1.468 Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll. | 7.5 |
2005-10-27 | CVE-2005-3316 | Unspecified vulnerability in Symantec Discovery and ON Command Discovery The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. | 7.5 |
2005-10-26 | CVE-2005-3309 | SQL-Injection vulnerability in Zomplog 3.4 Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php. | 7.5 |
2005-10-26 | CVE-2005-3305 | SQL Injection vulnerability in Nuked-Klan 1.7 Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file. | 7.5 |
2005-10-26 | CVE-2005-3304 | Modules SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | 7.5 |
2005-10-26 | CVE-2005-2743 | Unspecified vulnerability in Apple mac OS X, mac OS X Server and Quicktime The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | 7.5 |
2005-10-26 | CVE-2005-2741 | Permissions, Privileges, and Access Controls vulnerability in multiple products Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | 7.2 |
2005-10-25 | CVE-2005-2747 | Multiple vulnerability in Apple Mac OS X Security Update 2005-008 Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file. | 7.5 |
2005-10-25 | CVE-2005-2958 | Format String vulnerability in LibGDA Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. | 7.5 |
2005-10-25 | CVE-2005-2927 | Local Buffer Overflow vulnerability in SCO Unixware 7.1.3/7.1.4 Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command. | 7.2 |