Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-08-19 | CVE-2005-2507 | Unspecified vulnerability in Apple mac OS X Server 10.3.9/10.4.2 Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | 7.5 |
2005-08-19 | CVE-2005-2505 | Unspecified vulnerability in Apple mac OS X 10.3.9 Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation. | 7.5 |
2005-08-19 | CVE-2005-2504 | Unspecified vulnerability in Apple mac OS X and mac OS X Server The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid. | 7.2 |
2005-08-19 | CVE-2005-2501 | Unspecified vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file. | 7.6 |
2005-08-19 | CVE-2005-2127 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability." | 7.5 |
2005-08-17 | CVE-2005-2616 | Remote File Include vulnerability in Ezupload 2.2 Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php. | 7.5 |
2005-08-17 | CVE-2005-2615 | Unspecified vulnerability in Eqdkp 1.0.0/1.1.0/1.2.0 Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id. | 7.5 |
2005-08-17 | CVE-2005-2614 | Unspecified vulnerability in Crosscom Olicom Discuz Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php. | 7.5 |
2005-08-17 | CVE-2005-2612 | Remote Security vulnerability in WordPress Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. | 7.5 |
2005-08-17 | CVE-2005-2606 | Authentication Bypass vulnerability in Phlymail 3.02.00 Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors. | 7.5 |