Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-21 | CVE-2005-3274 | NULL Pointer Dereference vulnerability in multiple products Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | 4.7 |
2005-10-20 | CVE-2005-3261 | Information Disclosure vulnerability in Versatilebulletinboard 1.0.0.Rc2 getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensitive information via a direct request. | 5.0 |
2005-10-20 | CVE-2005-3260 | Cross-Site Scripting vulnerability in Versatilebulletinboard 1.0.0.Rc2 Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php. network versatilebulletinboard | 4.3 |
2005-10-20 | CVE-2005-3258 | Unspecified vulnerability in Squid The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. | 5.0 |
2005-10-20 | CVE-2005-2469 | Remote Buffer Overflow vulnerability in Novell Netmail 3.5.2 Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. | 4.6 |
2005-10-18 | CVE-2005-3257 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.12/2.6.14.4 The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys. | 4.6 |
2005-10-18 | CVE-2005-3256 | Unspecified vulnerability in Enigmail The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. | 5.0 |
2005-10-18 | CVE-2005-3255 | The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs. | 5.0 |
2005-10-18 | CVE-2005-2969 | Unspecified vulnerability in Openssl The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | 5.0 |
2005-10-17 | CVE-2005-3251 | Directory Traversal vulnerability in Gallery Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. | 6.4 |