Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-12 | CVE-2005-2925 | Local Privilege Escalation vulnerability in SGI Irix 6.5.22 runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin. | 7.2 |
| 2005-10-12 | CVE-2005-1978 | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | 7.5 |
| 2005-10-07 | CVE-2005-2337 | Unspecified vulnerability in Yukihiro Matsumoto Ruby Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | 7.5 |
| 2005-10-06 | CVE-2005-3118 | Unspecified vulnerability in William Stearns Mason 1.0.0 Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot. | 7.5 |
| 2005-10-06 | CVE-2005-3176 | Remote Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | 7.5 |
| 2005-10-06 | CVE-2005-3175 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. | 7.2 |
| 2005-10-06 | CVE-2005-3168 | Remote Security vulnerability in Windows 2000 Advanced Server The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template. | 7.5 |
| 2005-10-06 | CVE-2005-3161 | SQL Injection vulnerability in PHP-Fusion Register.PHP And FAQ.PHP Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php. | 7.5 |
| 2005-10-06 | CVE-2005-3160 | SQL-Injection vulnerability in PHP Fusion Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters. | 7.5 |
| 2005-10-06 | CVE-2005-3158 | SQL-Injection vulnerability in PHP Fusion 6.00.106/6.00.107 SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159. | 7.5 |