Weekly Vulnerabilities Reports > August 22 to 28, 2005
Overview
70 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 119 products from 51 vendors including Linux, Openvpn, Savewebportal, Cisco, and Xerox. Vulnerabilities are notably categorized as "Resource Management Errors", and "NULL Pointer Dereference".
- 61 reported vulnerabilities are remotely exploitables.
- 70 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Broadcom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-23 | CVE-2005-2679 | Sysinternals | Buffer Overflow vulnerability in Sysinternals Process Explorer 9.23.0.0 Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process. | 10.0 |
2005-08-23 | CVE-2005-2669 | Broadcom CA | Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets. | 10.0 |
2005-08-23 | CVE-2005-2668 | Broadcom CA | Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
28 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-26 | CVE-2005-2697 | Mybulletinboard | SQL Injection vulnerability in MyBulletinBoard Search.PHP SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 7.5 |
2005-08-26 | CVE-2005-2694 | Winace | Remote Security vulnerability in Winace 2.6.0.5 Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute arbitrary code via a temporary (.tmp) file that contains an entry with a long file name. | 7.5 |
2005-08-24 | CVE-2005-2692 | Runcms | SQL-Injection vulnerability in Runcms 1.1/1.1A/1.2 Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. | 7.5 |
2005-08-24 | CVE-2005-2691 | Runcms | Remote Security vulnerability in Runcms 1.1/1.1A/1.2 includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | 7.5 |
2005-08-24 | CVE-2005-2690 | Postnuke Software Foundation | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | 7.5 |
2005-08-24 | CVE-2005-2687 | Savewebportal | Remote Security vulnerability in Savewebportal 3.4 PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
2005-08-24 | CVE-2005-2686 | Savewebportal | Directory Traversal vulnerability in Savewebportal 3.4 Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
2005-08-24 | CVE-2005-2685 | Savewebportal | Remote Security vulnerability in Savewebportal 3.4 SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. | 7.5 |
2005-08-24 | CVE-2005-2556 | Mantis | Input Validation vulnerability in Mantis core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | 7.5 |
2005-08-23 | CVE-2005-2684 | Virtech | nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query. | 7.5 |
2005-08-23 | CVE-2005-2683 | Phpkit | SQL Injection vulnerability in PHPkit 1.6.1 Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. | 7.5 |
2005-08-23 | CVE-2005-2673 | Woltlab | SQL Injection vulnerability in Woltlab Burning Board 2.2.2/2.2.3 SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. | 7.5 |
2005-08-23 | CVE-2005-2665 | ELM Development Group | Remote Buffer Overflow vulnerability in Elm Expires Header Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header. | 7.5 |
2005-08-23 | CVE-2005-2651 | Phpoutsourcing | Unspecified vulnerability in PHPoutsourcing Zorum 3.5 gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. | 7.5 |
2005-08-23 | CVE-2005-2645 | Xerox | Security Bypass vulnerability in Document Centre Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication. | 7.5 |
2005-08-23 | CVE-2005-2644 | Isemarket | Buffer Overflow vulnerability in Isemarket JaguarControl ActiveX Control Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Jtext field. | 7.5 |
2005-08-23 | CVE-2005-2642 | Mutt | Buffer Overflow vulnerability in Mutt 1.5.10 Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext. | 7.5 |
2005-08-23 | CVE-2005-2641 | Padl Software | Authentication Bypass vulnerability in PADL Software PAM_LDAP Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. | 7.5 |
2005-08-23 | CVE-2005-2639 | Valusoft | Buffer Overflow vulnerability in Valusoft Chris Moneymakers World Poker Championship 1.0 Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | 7.5 |
2005-08-23 | CVE-2005-2637 | Phpfreenews | SQL Injection vulnerability in PHPFreeNews SearchResults.PHP Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php. | 7.5 |
2005-08-23 | CVE-2005-2636 | Phpadsnew Phppgads | SQL Injection vulnerability in phpPgAds Lib-View-Direct.INC.PHP SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter. | 7.5 |
2005-08-23 | CVE-2005-2634 | Winftp Server | Buffer Overflow vulnerability in Winftp Server Winftp Server 1.6.8 Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request. | 7.5 |
2005-08-23 | CVE-2005-2633 | Phptb | Remote File Include vulnerability in PHPTB Topic Board Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter. | 7.5 |
2005-08-23 | CVE-2005-2632 | Mediabox404 | SQL Injection vulnerability in Mediabox404 Login_Admin_Mediabox404.PHP SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field. | 7.5 |
2005-08-23 | CVE-2005-2631 | Cisco | Unspecified vulnerability in Cisco Network Admission Control Manager and Server System Software Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users. | 7.5 |
2005-08-23 | CVE-2005-0358 | EMC SUN | Multiple vulnerability in EMC Legato Networker EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token. | 7.5 |
2005-08-23 | CVE-2005-0357 | EMC SUN | Multiple vulnerability in EMC Legato Networker EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID. | 7.5 |
2005-08-23 | CVE-2005-2681 | Cisco | Local Privilege Escalation vulnerability in Cisco Intrusion Prevention System Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors. | 7.2 |
32 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-23 | CVE-2005-2646 | Xerox | Denial-Of-Service vulnerability in Document Centre Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests. | 6.4 |
2005-08-23 | CVE-2005-0359 | EMC SUN | Multiple vulnerability in EMC Legato Networker The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service. | 6.4 |
2005-08-26 | CVE-2005-2696 | IBM | Information Disclosure vulnerability in Lotus Notes IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. | 5.0 |
2005-08-26 | CVE-2005-2695 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS). | 5.0 |
2005-08-24 | CVE-2005-2532 | Openvpn | Denial Of Service vulnerability in OpenVPN Packet Decryption Failure OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | 5.0 |
2005-08-24 | CVE-2005-2531 | Openvpn | Denial Of Service vulnerability in OpenVPN Failed Authentication OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. | 5.0 |
2005-08-23 | CVE-2005-2680 | Oracle | Security Bypass vulnerability in Oracle Weblogic Portal 8.1 Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. | 5.0 |
2005-08-23 | CVE-2005-2678 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | 5.0 |
2005-08-23 | CVE-2005-2677 | Acnews | Information Disclosure vulnerability in ACNews ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | 5.0 |
2005-08-23 | CVE-2005-2670 | Hauri | Directory Traversal vulnerability in HAURI Anti-Virus Compressed Files Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files. | 5.0 |
2005-08-23 | CVE-2005-2667 | Broadcom CA | Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability." | 5.0 |
2005-08-23 | CVE-2005-2652 | Phpoutsourcing | Remote Security vulnerability in PHPoutsourcing Zorum 3.5 Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php. | 5.0 |
2005-08-23 | CVE-2005-2648 | W Agora | Directory Traversal vulnerability in W-Agora 4.2 Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. | 5.0 |
2005-08-23 | CVE-2005-2643 | TOR | Unspecified vulnerability in TOR Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. | 5.0 |
2005-08-23 | CVE-2005-2640 | Neoteris Juniper Netscreen | Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid. | 5.0 |
2005-08-23 | CVE-2005-2635 | Phpadsnew Phppgads | Local File Include vulnerability in phpPgAds Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a .. | 5.0 |
2005-08-23 | CVE-2005-2459 | Linux Debian | Null Pointer Dereference vulnerability in multiple products The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. | 5.0 |
2005-08-23 | CVE-2005-2458 | Linux | Local Denial of Service vulnerability in Linux Kernel ZLib Invalid Memory Access inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". | 5.0 |
2005-08-23 | CVE-2005-2457 | Linux | Denial Of Service vulnerability in Linux Kernel ISO File System The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. | 5.0 |
2005-08-23 | CVE-2005-2099 | Linux | Resource Management Errors vulnerability in Linux Kernel The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | 5.0 |
2005-08-23 | CVE-2005-2098 | Linux | Local Denial of Service vulnerability in Linux Kernel Session Keyring Allocation The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. | 5.0 |
2005-08-26 | CVE-2005-2699 | Phpkit | File-Upload vulnerability in PHPkit 1.6.1 Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. | 4.6 |
2005-08-26 | CVE-2005-2693 | CVS | Unspecified vulnerability in CVS 1.12.12 cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack. | 4.6 |
2005-08-24 | CVE-2005-1843 | Adobe | Local Privilege Escalation vulnerability in Adobe Version Cue for Mac OS X VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument. | 4.6 |
2005-08-26 | CVE-2005-2698 | Nelogic Technologies | Cross-Site Scripting vulnerability in Nelogic Technologies Nephp Publisher Enterprise 3.04 Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter. | 4.3 |
2005-08-24 | CVE-2005-2688 | Savewebportal | Cross-Site Scripting vulnerability in Savewebportal 3.4 Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields. | 4.3 |
2005-08-23 | CVE-2005-2676 | Coppermine | Unspecified vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. | 4.3 |
2005-08-23 | CVE-2005-2653 | Bbcaffe | HTML Injection vulnerability in Bbcaffe 2.0 Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. | 4.3 |
2005-08-23 | CVE-2005-2650 | Emefa | HTML Injection vulnerability in Emefa Guestbook 1.2 Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. | 4.3 |
2005-08-23 | CVE-2005-2649 | Adaptive Technology Resource Centre | Cross-Site Scripting vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php. | 4.3 |
2005-08-23 | CVE-2005-2647 | Xerox | Cross-Site Scripting vulnerability in Document Centre Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors. | 4.3 |
2005-08-23 | CVE-2005-2638 | Phpfreenews | Cross-Site Scripting vulnerability in PHPfreenews 1.40 Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php. | 4.3 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-24 | CVE-2005-2689 | Postnuke Software Foundation | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php. | 2.6 |
2005-08-24 | CVE-2005-2534 | Openvpn | Denial Of Service vulnerability in OpenVPN Same Client Certificate Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | 2.6 |
2005-08-24 | CVE-2005-2533 | Openvpn | Unspecified vulnerability in Openvpn OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. | 2.1 |
2005-08-24 | CVE-2005-1842 | Adobe | Local Privilege Escalation vulnerability in Adobe Version Cue for Mac OS X VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack. | 2.1 |
2005-08-23 | CVE-2005-2672 | LM Sensors | Unspecified vulnerability in LM Sensors LM Sensors pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file. | 2.1 |
2005-08-23 | CVE-2005-2664 | Whisper32 | Unspecified vulnerability in Whisper32 1.16 Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory. | 2.1 |
2005-08-23 | CVE-2005-2499 | Slocate | Local Database Corruption vulnerability in SLocate slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. | 2.1 |