Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-01-13 | CVE-2005-0111 | Remote Buffer Overflow vulnerability in Mysql Maxdb 7.5.00 Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter. | 7.5 |
| 2005-01-12 | CVE-2005-0376 | Remote Security vulnerability in Sergey Kiselev Sgallery 1.01 PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php. | 7.5 |
| 2005-01-11 | CVE-2004-0991 | Heap Overflow vulnerability in MPG123 Layer 2 Frame Header Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. | 7.5 |
| 2005-01-10 | CVE-2005-0284 | SQL-Injection vulnerability in Woltlab Burning Book 1.0Gold/1.1.1E SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | 7.5 |
| 2005-01-10 | CVE-2004-1314 | Unspecified vulnerability in Apple Safari Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. | 7.5 |
| 2005-01-10 | CVE-2004-1313 | Local Security vulnerability in Webroot Software MY Firewall Plus 5.0 The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges. | 7.2 |
| 2005-01-10 | CVE-2004-1291 | Remote Security vulnerability in Qwik Smtpd Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. | 7.5 |
| 2005-01-10 | CVE-2004-1263 | Denial-Of-Service vulnerability in ChangePassword changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program. | 7.2 |
| 2005-01-10 | CVE-2004-1229 | Remote vulnerability in Gadu-Gadu Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410. | 7.5 |
| 2005-01-10 | CVE-2004-1165 | Unspecified vulnerability in KDE Kdelibs and Konqueror Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | 7.5 |