Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-09-23 CVE-2005-2701 Heap Overflow vulnerability in Mozilla Browser/Firefox XBM Image Processing
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
network
low complexity
mozilla
7.5
2005-09-22 CVE-2005-3043 SQL Injection vulnerability in Mall23 AddItem.ASP
SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter.
network
low complexity
mall23
7.5
2005-09-22 CVE-2005-3042 Remote PAM Authentication Bypass vulnerability in Webmin / Usermin
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
network
low complexity
usermin webmin
7.5
2005-09-22 CVE-2005-3039 SQL Injection vulnerability in Mall23 Infopage.ASP
SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter.
network
low complexity
mall23
7.5
2005-09-22 CVE-2005-3034 Authentication Bypass vulnerability in Compuware Driverstudio 2.7/3.0Beta2
Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session.
network
low complexity
compuware
7.5
2005-09-22 CVE-2005-3033 Denial-Of-Service vulnerability in Cambridge Computer Corporation Vxweb 1.1.4
Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
network
low complexity
cambridge-computer-corporation
7.5
2005-09-22 CVE-2005-3032 Remote Buffer Overflow vulnerability in Cambridge Computer Corporation Vxtftpsrv 1.7
Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TFTP request with a long filename argument.
network
low complexity
cambridge-computer-corporation
7.5
2005-09-22 CVE-2005-3031 Remote Security vulnerability in Cambridge Computer Corporation Vxftpsrv 0.9.7
Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute arbitrary code via a long USER name.
network
low complexity
cambridge-computer-corporation
7.5
2005-09-21 CVE-2005-3029 Remote Buffer Overflow vulnerability in Ahnlab V3 Virusblock 2005, V3Net and V3Pro 2004
Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filename in an ACE archive.
network
low complexity
ahnlab
7.5
2005-09-21 CVE-2005-3024 SQL-Injection vulnerability in vBulletin
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
network
low complexity
jelsoft
7.5