Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-11 | CVE-2005-2181 | Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
| 2005-07-06 | CVE-2005-2160 | Cleartext Storage of Sensitive Information vulnerability in Ipswitch Imail 2006 IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2005-06-28 | CVE-2005-0772 | NULL Pointer Dereference vulnerability in Veritas Backup Exec VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference. | 7.5 |
| 2005-06-15 | CVE-2005-1306 | XXE vulnerability in Adobe Acrobat and Acrobat Reader The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability." | 7.5 |
| 2005-06-09 | CVE-2005-1891 | Integer Underflow (Wrap or Wraparound) vulnerability in AOL AIM The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | 7.5 |
| 2005-06-08 | CVE-2005-1941 | Incorrect Default Permissions vulnerability in Silvercity Project Silvercity SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | 7.8 |
| 2005-05-26 | CVE-2005-1828 | Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-504T Firmware D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2005-05-02 | CVE-2005-1036 | Missing Initialization of Resource vulnerability in Freebsd FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | 7.8 |
| 2005-05-02 | CVE-2005-0891 | Double Free vulnerability in Gnome GTK Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | 7.5 |
| 2005-05-02 | CVE-2005-0877 | Origin Validation Error vulnerability in Thekelleys Dnsmasq Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | 7.5 |