Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-01-17 | CVE-2005-0290 | Multiple vulnerability in Netgear Fvs318 2.4 | NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | 7.5 |
2005-01-14 | CVE-2005-0113 | Local Privilege Escalation vulnerability in SGI Irix 6.5 | inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges. | 7.2 |
2005-01-13 | CVE-2005-0111 | Remote Buffer Overflow vulnerability in Mysql Maxdb 7.5.00 | Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter. | 7.5 |
2005-01-12 | CVE-2005-0376 | Remote Security vulnerability in Sergey Kiselev Sgallery 1.01 | PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php. | 7.5 |
2005-01-11 | CVE-2004-0991 | Heap Overflow vulnerability in MPG123 Layer 2 Frame Header | Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. | 7.5 |
2005-01-10 | CVE-2005-0284 | SQL-Injection vulnerability in Woltlab Burning Book 1.0Gold/1.1.1E | SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | 7.5 |
2005-01-10 | CVE-2004-1314 | Unspecified vulnerability in Apple Safari | Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. | 7.5 |
2005-01-10 | CVE-2004-1313 | Local Security vulnerability in Webroot Software MY Firewall Plus 5.0 | The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges. | 7.2 |
2005-01-10 | CVE-2004-1291 | Remote Security vulnerability in Qwik Smtpd | Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. | 7.5 |
2005-01-10 | CVE-2004-1263 | Denial-Of-Service vulnerability in ChangePassword | changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program. | 7.2 |