Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0248 | Unspecified vulnerability in SUN Solaris and Sunos The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. | 7.5 |
| 2005-05-02 | CVE-2005-0240 | Unspecified vulnerability in IBM AIX 5.2 Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message. | 7.2 |
| 2005-05-02 | CVE-2005-0239 | Unspecified vulnerability in Squirrelmail S Mime Plugin 0.4/0.5 viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0217 | SQL Injection vulnerability in Invision Power Services Invision Community Blog 1.0 SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0211 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0209 | Improper Input Validation vulnerability in Linux Kernel 2.6.8.1 Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments. | 7.8 |
| 2005-05-02 | CVE-2005-0200 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | 7.5 |
| 2005-05-02 | CVE-2005-0198 | Remote Authentication Bypass vulnerability in University Of Washington IMAP Server CRAM-MD5 A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users. | 7.5 |
| 2005-05-02 | CVE-2005-0187 | Remote Code Execution vulnerability in AtHoc ToolBar Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name. | 7.5 |
| 2005-05-02 | CVE-2005-0185 | Buffer Overflow vulnerability in Mnet Soft Factory Nodemanager Professional 2.00 Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field. | 7.5 |