Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-20 | CVE-2005-2709 | Resource Management Errors vulnerability in Linux Kernel: The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | 4.6 |
2005-11-20 | CVE-2005-3354 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sylpheed: Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. | 5.1 |
2005-11-20 | CVE-2005-3351 | Unspecified vulnerability in Apache Spamassassin 3.0.4: SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | 5.0 |
2005-11-19 | CVE-2005-3692 | Input Validation vulnerability in Amax Information Technologies Magic Winmail Server 4.2: Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments. | 4.3 |
2005-11-19 | CVE-2005-3691 | Directory Traversal vulnerability in MailEnable IMAP Command: Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands. | 5.0 |
2005-11-19 | CVE-2005-3687 | cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. | 5.0 |
2005-11-19 | CVE-2005-3685 | HTML Injection vulnerability in Virtual Programming Vp-Asp 5.50: Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | 4.3 |
2005-11-18 | CVE-2005-3680 | Unspecified vulnerability in Xoops 2.2.3: Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. | 6.4 |
2005-11-18 | CVE-2005-3678 | Improper Input Validation vulnerability in Google Talk: Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender. | 5.0 |
2005-11-18 | CVE-2005-3353 | Denial Of Service vulnerability in PHP Group Exif Module Infinite Recursion: The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. | 5.0 |