Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-26 | CVE-2005-2746 | Unspecified vulnerability in Apple Mac OS X and Mac OS X Server: Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages. | 5.0 |
2005-10-26 | CVE-2005-2745 | Unspecified vulnerability in Apple Mac OS X and Mac OS X Server: Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. | 5.0 |
2005-10-26 | CVE-2005-2742 | Unspecified vulnerability in Apple Mac OS X and Mac OS X Server: SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting. | 4.6 |
2005-10-26 | CVE-2005-2524 | Unspecified vulnerability in Apple Mac OS X, Mac OS X Server and Safari: Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | 5.0 |
2005-10-25 | CVE-2005-2744 | Multiple vulnerabilities in Apple Mac OS X Security Update 2005-008: Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file. | 5.1 |
2005-10-25 | CVE-2005-2959 | Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo: Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. | 4.6 |
2005-10-25 | CVE-2005-2926 | Local Buffer Overflow vulnerability in SCO OpenServer Backupsh: Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable. | 4.6 |
2005-10-24 | CVE-2005-3301 | Cross-Site Scripting vulnerability in phpMyAdmin: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. | 4.3 |
2005-10-23 | CVE-2005-3300 | Local File Inclusion vulnerability in phpMyAdmin 2.6.4Pl3: The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. | 5.0 |
2005-10-23 | CVE-2005-3299 | Local File Include vulnerability in phpMyAdmin 2.6.4/2.6.4Pl1: PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. | 5.0 |