Weekly Vulnerabilities Reports > December 26, 2005 to January 1, 2006
Overview
419 new vulnerabilities were reported during this period, including 22 critical vulnerabilities and 145 high severity vulnerabilities. This weekly summary reports vulnerabilities in 403 products from 242 vendors including IBM, BEA, Apple, SUN, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Numeric Errors", and "SQL Injection".
- 338 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 400 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 22 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
22 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-31 | CVE-2005-4865 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname. | 10.0 |
2005-12-31 | CVE-2005-4847 | Spey | Remote Security vulnerability in Spey 0.3.3 Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846. | 10.0 |
2005-12-31 | CVE-2005-4837 | NET Snmp Sourceforge | Numeric Errors vulnerability in multiple products snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | 10.0 |
2005-12-31 | CVE-2005-4823 | HP | Buffer Overflow vulnerability in HP HTTP Server Remote Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2005-12-31 | CVE-2005-4730 | Pear | Remote Security vulnerability in Pear Text Password 1.0 Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds. | 10.0 |
2005-12-31 | CVE-2005-4604 | Jean Jacques Sarton | Buffer Overflow vulnerability in Jean-Jacques Sarton Mtink 1.0.5 Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable. | 10.0 |
2005-12-31 | CVE-2005-3653 | Broadcom CA | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. | 10.0 |
2005-12-31 | CVE-2005-3625 | Easy Software Products KDE Libextractor Poppler SGI Tetex Xpdf Conectiva Debian Gentoo Mandrakesoft Redhat SCO Slackware Suse Trustix Turbolinux Ubuntu | Resource Management Errors vulnerability in multiple products Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | 10.0 |
2005-12-31 | CVE-2005-3057 | Fortinet | Unspecified vulnerability in Fortinet Fortigate and Fortios The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. | 10.0 |
2005-12-31 | CVE-2005-2530 | SUN | Privilege Escalation vulnerability in SUN Java 1.3.1 Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." | 10.0 |
2005-12-31 | CVE-2005-2529 | SUN | Remote Security vulnerability in SUN Java 1.4.2 Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." | 10.0 |
2005-12-29 | CVE-2005-4566 | Adtran | Multiple Unspecified vulnerability in ADTRAN NetVanta Products IKE Traffic Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 10.0 |
2005-12-29 | CVE-2005-4565 | Adtran | Multiple Unspecified vulnerability in ADTRAN NetVanta Products IKE Traffic Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 10.0 |
2005-12-31 | CVE-2005-4853 | EZ | Permissions, Privileges, and Access Controls vulnerability in EZ Publish The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings. | 9.4 |
2005-12-31 | CVE-2005-4867 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. | 9.3 |
2005-12-31 | CVE-2005-3525 | Adobe | Buffer Overflow vulnerability in Macromedia Shockwave Player ActiveX Control Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | 9.3 |
2005-12-31 | CVE-2005-2922 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header. | 9.3 |
2005-12-31 | CVE-2005-2619 | Autonomy IBM | Path Traversal vulnerability in multiple products Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. | 9.3 |
2005-12-31 | CVE-2005-2618 | Autonomy IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll). | 9.3 |
2005-12-31 | CVE-2005-1924 | Squirrelmail | Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. | 9.3 |
2005-12-31 | CVE-2005-1730 | Novell | Unspecified vulnerability in Novell Imanager 1.5/2.0/2.0.2 Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allow remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | 9.3 |
2005-12-31 | CVE-2005-4800 | Yapig | Remote Security vulnerability in YaPig Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. | 9.0 |
145 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-31 | CVE-2005-4860 | Spectrumcu | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Spectrumcu Cash Receipting System Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password. | 7.8 |
2005-12-31 | CVE-2005-4843 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7.0 The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | 7.8 |
2005-12-31 | CVE-2005-4812 | Sisco | Remote Denial of Service vulnerability in SISCO OSI Stack The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan. | 7.8 |
2005-12-31 | CVE-2005-4764 | BEA | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). | 7.8 |
2005-12-31 | CVE-2005-4746 | Freeradius | RLM_SQLCounter Buffer Overflow vulnerability in Freeradius 1.0.3/1.0.4 Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". | 7.8 |
2005-12-31 | CVE-2005-2712 | IBM | Denial of Service vulnerability in Lotus Domino LDAP The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. | 7.8 |
2005-12-31 | CVE-2005-2342 | RIM | Denial Of Service vulnerability in Blackberry Enterprise Server Router SRP Packet Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets. | 7.8 |
2005-12-30 | CVE-2005-4587 | Juniper | Remote Denial of Service vulnerability in Juniper NetScreen-Security Manager 2004 Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port). | 7.8 |
2005-12-29 | CVE-2005-4570 | Fortinet | Denial Of Service vulnerability in Multiple Fortinet Products IKE Exchange The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0, and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-12-28 | CVE-2005-4546 | Epic Designs | Cross-Site Scripting vulnerability in Epic Designs Eggblog Search.PHP search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. | 7.8 |
2005-12-31 | CVE-2005-4830 | Viewcvs | Unspecified vulnerability in Viewcvs 0.9.2 CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter. | 7.6 |
2005-12-31 | CVE-2005-4808 | GNU Canonical | Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. | 7.6 |
2005-12-31 | CVE-2005-4765 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection. | 7.6 |
2005-12-31 | CVE-2005-3618 | Vmware | Cross-Site Request Forgery vulnerability in ESX Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. | 7.6 |
2005-12-31 | CVE-2005-3188 | Nullsoft | Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.094 Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | 7.6 |
2005-12-31 | CVE-2005-4875 | Typo3 | Information Exposure vulnerability in Typo3 0.4.1/1.1/3.7.0 TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. | 7.5 |
2005-12-31 | CVE-2005-4873 | Cups | Buffer Errors vulnerability in Cups 1.1.23 Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c. | 7.5 |
2005-12-31 | CVE-2005-4861 | Jasio NET | Improper Authentication vulnerability in Jasio.Net Ragnarok Online Control Panel 4.3.4A functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | 7.5 |
2005-12-31 | CVE-2005-4832 | Oracle | Remote SQL Injection vulnerability in Oracle 10g Database SUBSCRIPTION_NAME SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197. | 7.5 |
2005-12-31 | CVE-2005-4827 | Microsoft Canon | Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. | 7.5 |
2005-12-31 | CVE-2005-4824 | Glen Campbell | Remote Security vulnerability in Siteframe PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965. | 7.5 |
2005-12-31 | CVE-2005-4822 | Digger Solutions | SQL Injection vulnerability in Digger Solutions Intranet Open Source Project-Edit.ASP SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. | 7.5 |
2005-12-31 | CVE-2005-4818 | Copernicus | SQL Injection vulnerability in Copernicus Europa Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-12-31 | CVE-2005-4817 | Tmsnc | Format String vulnerability in TMSNC Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function. | 7.5 |
2005-12-31 | CVE-2005-4816 | Proftpd Project | Buffer Overflow vulnerability in ProFTPD Mod_Radius Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. | 7.5 |
2005-12-31 | CVE-2005-4815 | SAP | Remote Security vulnerability in Sap R 3 SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the "FX SAP R/3 gwrd vuln." | 7.5 |
2005-12-31 | CVE-2005-4814 | Middlebury College | File-Upload vulnerability in Segue Cms Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory. | 7.5 |
2005-12-31 | CVE-2005-4807 | GNU Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | 7.5 |
2005-12-31 | CVE-2005-4801 | Yapig | Cross-Site Request Forgery vulnerability in YaPig Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php. | 7.5 |
2005-12-31 | CVE-2005-4793 | Hitachi | Remote Security vulnerability in Hitachi products Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, disable services, and "exploit vulnerabilities." | 7.5 |
2005-12-31 | CVE-2005-4792 | Phpwebsite | SQL Injection vulnerability in PHPWebSite Search Module SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. | 7.5 |
2005-12-31 | CVE-2005-4770 | Accelerated Enterprise Solutions | SQL Injection vulnerability in Accelerated E Solutions SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2005-12-31 | CVE-2005-4769 | Belchior Foundry | SQL Injection vulnerability in Belchior Foundry vCard Pro Addrbook.PHP SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. | 7.5 |
2005-12-31 | CVE-2005-4768 | TUX Racer | SQL Injection vulnerability in TuxBank ManageAccount.PHP SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php. | 7.5 |
2005-12-31 | CVE-2005-4763 | BEA | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions. | 7.5 |
2005-12-31 | CVE-2005-4757 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections. | 7.5 |
2005-12-31 | CVE-2005-4756 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. | 7.5 |
2005-12-31 | CVE-2005-4750 | BEA | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. | 7.5 |
2005-12-31 | CVE-2005-4745 | Freeradius | SQL Injection vulnerability in Freeradius 1.0.3/1.0.4 SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2005-12-31 | CVE-2005-4741 | Netbsd | Local PTrace Privilege Escalation vulnerability in NetBSD NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. | 7.5 |
2005-12-31 | CVE-2005-4737 | IBM | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. | 7.5 |
2005-12-31 | CVE-2005-4729 | Vbzoom | SQL Injection vulnerability in Vbzoom 1.11 SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. | 7.5 |
2005-12-31 | CVE-2005-4725 | Geeklog | Security Bypass vulnerability in Geeklog (Extended Japanese Package) Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID. | 7.5 |
2005-12-31 | CVE-2005-4724 | Phptagcool | SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header. | 7.5 |
2005-12-31 | CVE-2005-4719 | Sysbotz | SQL-Injection vulnerability in Systems Panel Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php. | 7.5 |
2005-12-31 | CVE-2005-4715 | Francisco Burzi | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | 7.5 |
2005-12-31 | CVE-2005-4714 | Openvmps | Unspecified vulnerability in Openvmps 1.3 Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2005-12-31 | CVE-2005-4694 | Plain Black | Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors. | 7.5 |
2005-12-31 | CVE-2005-4692 | Mroovca | Remote Security vulnerability in Mroovca Stats Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies. | 7.5 |
2005-12-31 | CVE-2005-4674 | Complete PHP Counter | SQL Injection vulnerability in Complete PHP Counter Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter. | 7.5 |
2005-12-31 | CVE-2005-4669 | RT Internet Solutions | SQL-Injection vulnerability in Rt Internet Solutions Webadmin SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | 7.5 |
2005-12-31 | CVE-2005-4657 | Ocean12 Technologies | Authentication Bypass vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01 Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. | 7.5 |
2005-12-31 | CVE-2005-4647 | Pearlinger | SQL Injection vulnerability in Pearl Forums Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. | 7.5 |
2005-12-31 | CVE-2005-4645 | 3Cfr | SQL-Injection vulnerability in 3Cfr SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | 7.5 |
2005-12-31 | CVE-2005-4643 | Antharia | SQL Injection vulnerability in Antharia OnContent // CMS SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
2005-12-31 | CVE-2005-4641 | Eazycms | SQL-Injection vulnerability in Eazycms 2.0 SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | 7.5 |
2005-12-31 | CVE-2005-4640 | Class 1 | SQL-Injection vulnerability in Poll Software SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | 7.5 |
2005-12-31 | CVE-2005-4634 | Activecampaign | SQL-Injection vulnerability in Activecampaign Supporttrio 1.4 SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2005-12-31 | CVE-2005-4632 | Vote PRO | SQL Injection vulnerability in Vote PRO Vote PRO SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | 7.5 |
2005-12-31 | CVE-2005-4631 | Ryan Lath | SQL-Injection vulnerability in Zina SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
2005-12-31 | CVE-2005-4630 | Clientexec | SQL-Injection vulnerability in Clientexec 2.3 SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters. | 7.5 |
2005-12-31 | CVE-2005-4629 | Smbcms | SQL-Injection vulnerability in Smbcms 2.1 SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | 7.5 |
2005-12-31 | CVE-2005-4628 | Help Desk Point Software | SQL-Injection vulnerability in Helpdeskpoint SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2005-12-31 | CVE-2005-4622 | Efilego | Input Validation vulnerability in Efilego 3.0.1 Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... | 7.5 |
2005-12-31 | CVE-2005-4619 | Phpoutsourcing | SQL Injection vulnerability in PHPOutsourcing Zorum RollID SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | 7.5 |
2005-12-31 | CVE-2005-4617 | Forperfect | SQL Injection vulnerability in Forperfect Csupport 1.0 SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. | 7.5 |
2005-12-31 | CVE-2005-4616 | Idevspot | SQL-Injection vulnerability in Idevspot Isupport 1.06 SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter. | 7.5 |
2005-12-31 | CVE-2005-4615 | Dapperdesk | SQL-Injection vulnerability in DapperDesk SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2005-12-31 | CVE-2005-4614 | SUM Effect Software | SQL-Injection vulnerability in digiSHOP Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters. | 7.5 |
2005-12-31 | CVE-2005-4612 | Vubb | SQL-Injection vulnerability in Vubb Alpharc1 Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum.php, (2) t parameter to viewtopic.php, and (3) view parameter to usercp.php. | 7.5 |
2005-12-31 | CVE-2005-4611 | Phpfreebies COM | SQL-Injection vulnerability in Free Clickbank SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords parameter. | 7.5 |
2005-12-31 | CVE-2005-4610 | Dopewars | Unspecified vulnerability in Dopewars Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors. | 7.5 |
2005-12-31 | CVE-2005-4608 | Incogen | SQL Injection vulnerability in INCOGEN Bugport SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters. | 7.5 |
2005-12-31 | CVE-2005-4606 | Webwiz | SQL Injection vulnerability in Webwiz products SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter. | 7.5 |
2005-12-31 | CVE-2005-4602 | Mybulletinboard | SQL Injection vulnerability in MyBB File Upload SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. | 7.5 |
2005-12-31 | CVE-2005-4601 | Imagemagick | Remote Command Execution vulnerability in Imagemagick 6.2.4.5 The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. | 7.5 |
2005-12-31 | CVE-2005-4594 | Tugzip | Buffer Overflow vulnerability in Tugzip 3.4.0.0 Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive. | 7.5 |
2005-12-31 | CVE-2005-4593 | Joshua Eichorn | Remote and Local File Include vulnerability in PHPDocumentor PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the root_dir parameter in docbuilder/file_dialog.php. | 7.5 |
2005-12-31 | CVE-2005-4592 | Bogofilter | Remote Buffer Overflow vulnerability in Bogofilter Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex. | 7.5 |
2005-12-31 | CVE-2005-4591 | Bogofilter | Remote Buffer Overflow vulnerability in Bogofilter Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets. | 7.5 |
2005-12-31 | CVE-2005-4418 | Vserver | Unspecified vulnerability in Vserver Util-Vserver 0/0.30.209 util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities. | 7.5 |
2005-12-31 | CVE-2005-4085 | Bluecoat | Remote Host Header Buffer Overflow vulnerability in Bluecoat Proxyav and Webproxy Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header. | 7.5 |
2005-12-31 | CVE-2005-3713 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. | 7.5 |
2005-12-31 | CVE-2005-3711 | Apple | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. | 7.5 |
2005-12-31 | CVE-2005-3710 | Apple | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. | 7.5 |
2005-12-31 | CVE-2005-3709 | Apple | Numeric Errors vulnerability in Apple Quicktime Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file. | 7.5 |
2005-12-31 | CVE-2005-3708 | Apple | Code Execution vulnerability in RETIRED: Apple QuickTime Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | 7.5 |
2005-12-31 | CVE-2005-3707 | Apple | Code Execution vulnerability in RETIRED: Apple QuickTime Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | 7.5 |
2005-12-31 | CVE-2005-3658 | EMC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Legato Networker Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe). | 7.5 |
2005-12-31 | CVE-2005-3655 | Novell | Remote Manager HTTP Request Header Heap Overflow vulnerability in Novell Open Enterprise Server 9 Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | 7.5 |
2005-12-31 | CVE-2005-3654 | Bluecoat | Remote Denial Of Service vulnerability in Blue Coat Systems WinProxy Telnet Blue Coat Systems Inc. | 7.5 |
2005-12-31 | CVE-2005-3628 | Xpdf | Unspecified vulnerability in Xpdf Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. | 7.5 |
2005-12-31 | CVE-2005-3627 | Xpdf | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo. | 7.5 |
2005-12-31 | CVE-2005-3540 | Petris | Local Buffer Overflow vulnerability in Petris Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. | 7.5 |
2005-12-31 | CVE-2005-3539 | Hylafax | Scripts Remote Command Execution vulnerability in Hylafax Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3. | 7.5 |
2005-12-31 | CVE-2005-3538 | Ifax Solutions | Remote PAM Authentication Bypass vulnerability in Ifax Solutions Hylafax 4.2.3 hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. | 7.5 |
2005-12-31 | CVE-2005-3058 | Fortinet | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate and Fortios Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. | 7.5 |
2005-12-31 | CVE-2005-2464 | Pcxp Toppe CMS | Security Bypass vulnerability in Pcxp Toppe CMS Pcxp Toppe CMS 1.15/2 login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. | 7.5 |
2005-12-31 | CVE-2005-2341 | RIM | Buffer Errors vulnerability in RIM products Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file. | 7.5 |
2005-12-31 | CVE-2005-2340 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. | 7.5 |
2005-12-31 | CVE-2005-2315 | Dnrd | Remote Security vulnerability in dnrd Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared. | 7.5 |
2005-12-30 | CVE-2005-4586 | Phpsurveyor | SQL Injection vulnerability in PHPsurveyor 0.99 Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts. | 7.5 |
2005-12-29 | CVE-2005-4582 | Scott Draves | Remote Security vulnerability in Scott Draves Electric Sheep 2.6.3 Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file. | 7.5 |
2005-12-29 | CVE-2005-4578 | Hitachi | Input Validation vulnerability in Hitachi Business Logic Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form. | 7.5 |
2005-12-29 | CVE-2005-4573 | Plogger | Code Injection vulnerability in Plogger PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter. | 7.5 |
2005-12-29 | CVE-2005-4572 | Myezshop | Input Validation vulnerability in myEZshop Shopping Cart Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. | 7.5 |
2005-12-29 | CVE-2005-4569 | Floosietek | Remote vulnerability in Floosietek Ftgate 4.4Build4.4.000 Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value. | 7.5 |
2005-12-29 | CVE-2005-4568 | Floosietek | Remote vulnerability in Floosietek Ftgate 4.4Build4.4.000 Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER, (2) PASS, and (3) TOP commands to the POP3 server; and the (4) LIST and (5) AUTHENTICATE commands to the IMAP server. | 7.5 |
2005-12-29 | CVE-2005-4563 | Enterprise Heart | SQL Injection vulnerability in Enterprise Heart Enterprise Connector 1.0.2 SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875. | 7.5 |
2005-12-28 | CVE-2005-4560 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows 2003 Server and Windows XP The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. | 7.5 |
2005-12-28 | CVE-2005-4556 | Deerfield Icewarp Merak | Input Validation vulnerability in IceWarp Universal WebMail PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php. | 7.5 |
2005-12-28 | CVE-2005-4554 | DEV | Input Validation vulnerability in DEV web Management System 1.5 Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php. | 7.5 |
2005-12-28 | CVE-2005-4553 | Kmint21 Software | Buffer Overflow vulnerability in Kmint21 Software Golden FTP Server 1.92 Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. | 7.5 |
2005-12-28 | CVE-2005-4548 | RWS | SQL Injection vulnerability in Real Web Solution Statistics Counter Service SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-12-28 | CVE-2005-4534 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 7.5 |
2005-12-28 | CVE-2005-4533 | Scponly | Local vulnerability in SCPOnly Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered. | 7.5 |
2005-12-28 | CVE-2005-4529 | Chatspot | Remote Security vulnerability in Chatspot 2.0.0A7 The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors. | 7.5 |
2005-12-28 | CVE-2005-4528 | Chatspot | SQL-Injection vulnerability in Chatspot 2.0.0A7 SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-12-28 | CVE-2005-4527 | Direct News | Unspecified vulnerability in Direct News Direct News 4.9 Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters. | 7.5 |
2005-12-28 | CVE-2005-4519 | Mantis | Unspecified vulnerability in Mantis Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php. | 7.5 |
2005-12-28 | CVE-2005-4518 | Mantis | Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. | 7.5 |
2005-12-28 | CVE-2005-4517 | PHP Fusion | SQL-Injection vulnerability in PHP Fusion SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php. | 7.5 |
2005-12-27 | CVE-2005-3535 | Ketm | Unspecified vulnerability in Ketm 0.0.6 Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors. | 7.5 |
2005-12-31 | CVE-2005-4864 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. | 7.2 |
2005-12-31 | CVE-2005-4863 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | 7.2 |
2005-12-31 | CVE-2005-4795 | SUN | Local Security vulnerability in SUN Sunos 5.7/5.8 Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors. | 7.2 |
2005-12-31 | CVE-2005-4776 | Netbsd | Denial-Of-Service vulnerability in NetBSD Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. | 7.2 |
2005-12-31 | CVE-2005-4762 | BEA | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges. | 7.2 |
2005-12-31 | CVE-2005-4708 | Adobe | Local Privilege Escalation vulnerability in Macromedia eLicensing Client Activation Code Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System. | 7.2 |
2005-12-31 | CVE-2005-4595 | Gentoo | Unspecified vulnerability in Gentoo Nview and Xnview Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. | 7.2 |
2005-12-31 | CVE-2005-3629 | Redhat | Local Privilege Escalation vulnerability in Red Hat Initscripts initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. | 7.2 |
2005-12-31 | CVE-2005-3340 | NEW Breed Software | Unspecified vulnerability in NEW Breed Software TUX Paint 0.9.14 The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors. | 7.2 |
2005-12-31 | CVE-2005-2934 | SCO | Local Privilege Escalation vulnerability in SCO Unixware 7.1.3/7.1.4 Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors. | 7.2 |
2005-12-31 | CVE-2005-2932 | Checkpoint | Permissions, Privileges, and Access Controls vulnerability in Checkpoint Zonealarm and Zonealarm Security Suite Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls. | 7.2 |
2005-12-31 | CVE-2005-2711 | ISS | Local Privilege Escalation vulnerability in Internet Security Systems BlackICE and RealSecure Desktop ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM. | 7.2 |
2005-12-31 | CVE-2005-1528 | QNX | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.1 Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library. | 7.2 |
2005-12-28 | CVE-2005-3345 | Rssh | Local Privilege Escalation vulnerability in RSSH RSSH_CHROOT_HELPER rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. | 7.2 |
2005-12-28 | CVE-2005-4552 | SUN | Unspecified vulnerability in SUN Solaris PC Netlink 2.0 The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges. | 7.2 |
2005-12-28 | CVE-2005-4532 | Scponly | Local vulnerability in SCPOnly scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application. | 7.2 |
2005-12-31 | CVE-2005-4868 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | 7.1 |
2005-12-31 | CVE-2005-4844 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | 7.1 |
2005-12-31 | CVE-2005-4842 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7.0 The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | 7.1 |
2005-12-31 | CVE-2005-4841 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7.0 The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | 7.1 |
2005-12-31 | CVE-2005-4835 | Madwifi | Denial-Of-Service vulnerability in MADWifi The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. | 7.1 |
2005-12-31 | CVE-2005-4625 | Intel ATI | Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999. | 7.1 |
214 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-31 | CVE-2005-4790 | Novell Suse | Local Privilege Escalation vulnerability in Tomboy LD_LIBRARY_PATH Environment Variable Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. | 6.9 |
2005-12-31 | CVE-2005-4866 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary code by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. | 6.8 |
2005-12-31 | CVE-2005-4819 | IBM | Cross-Site Scripting vulnerability in Lotus Domino Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 6.8 |
2005-12-31 | CVE-2005-4751 | BEA | Multiple vulnerability in BEA WebLogic Server and WebLogic Express Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors. | 6.8 |
2005-12-31 | CVE-2005-4748 | Vwar | Remote File Include vulnerability in Vwar Virtual WAR 1.3/1.4/1.5.0R10 PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. | 6.8 |
2005-12-31 | CVE-2005-4739 | IBM | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. | 6.8 |
2005-12-31 | CVE-2005-4736 | IBM | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | 6.8 |
2005-12-31 | CVE-2005-4735 | IBM | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. | 6.8 |
2005-12-31 | CVE-2005-4711 | Neocrome | SQL-Injection vulnerability in Neocrome Land Down Under SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. | 6.8 |
2005-12-31 | CVE-2005-4658 | Iisworks | Cross-Site Scripting vulnerability in Iisworks Aspknowledgebase Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | 6.8 |
2005-12-31 | CVE-2005-3619 | Vmware | Unspecified vulnerability in VMWare ESX Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. | 6.8 |
2005-12-31 | CVE-2005-2714 | Apple | Link Following vulnerability in Apple mac OS X and mac OS X Server passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file. | 6.8 |
2005-12-31 | CVE-2005-2713 | Apple | Multiple vulnerability in Apple Mac OS X Security Update 2006-001 passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option. | 6.8 |
2005-12-31 | CVE-2005-4738 | IBM | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. | 6.5 |
2005-12-31 | CVE-2005-3712 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes. | 6.5 |
2005-12-31 | CVE-2005-3526 | Ipswitch | Remote Buffer Overflow vulnerability in Ipswitch IMail Server / Collaboration Suite IMAP FETCH Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. | 6.5 |
2005-12-28 | CVE-2005-4558 | Deerfield Icewarp Merak | Input Validation vulnerability in IceWarp Universal WebMail IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html. | 6.5 |
2005-12-31 | CVE-2005-4859 | Chitta | Unspecified vulnerability in Chitta Mimicboard mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat. | 6.4 |
2005-12-31 | CVE-2005-4828 | Kolab | Remote Security vulnerability in Kolab Groupware Server 2.0.0/2.0.1 Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. | 6.4 |
2005-12-31 | CVE-2005-4772 | Suse | Unspecified vulnerability in Suse products liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013. | 6.4 |
2005-12-31 | CVE-2005-4734 | RSA | Remote Stack Based Buffer Overflow vulnerability in RSA Authentication Agent IISWebAgentIF.DLL Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method. | 6.4 |
2005-12-31 | CVE-2005-4702 | Ipbproarcade | Remote SQL Injection vulnerability in Ipbproarcade 2.5.2 SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. | 6.4 |
2005-12-31 | CVE-2005-4685 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | 6.4 |
2005-12-31 | CVE-2005-4684 | KDE | Unspecified vulnerability in KDE Konqueror Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | 6.4 |
2005-12-31 | CVE-2005-4654 | HP | Remote Security vulnerability in HP Oracle for Openview 8.1.7/9.1.01/9.2 Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. | 6.4 |
2005-12-31 | CVE-2005-4652 | Phlymail | Input Validation vulnerability in Phlymail 3.02.01 SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 6.4 |
2005-12-31 | CVE-2005-4651 | Alstrasoft | SQL-Injection vulnerability in Alstrasoft Epay 2.0 SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | 6.4 |
2005-12-31 | CVE-2005-4600 | Moxiecode | Path Traversal vulnerability in Moxiecode Tinymce Compressor PHP Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter. | 6.4 |
2005-12-31 | CVE-2005-3706 | Apple | Multiple vulnerability in Apple Mac OS X Security Update 2006-001 Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory. | 6.4 |
2005-12-31 | CVE-2005-2468 | Mysql | SQL Injection vulnerability in MySQL Eventum Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. | 6.4 |
2005-12-31 | CVE-2005-2466 | Openbook | SQL Injection vulnerability in Openbook 1.2.2 Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | 6.4 |
2005-12-31 | CVE-2005-2463 | Kayako | Input Validation vulnerability in Kayako Liveresponse 2.0 Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | 6.4 |
2005-12-31 | CVE-2005-2461 | Kayako | Input Validation vulnerability in Kayako Liveresponse 2.0 Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. | 6.4 |
2005-12-31 | CVE-2005-1755 | PHP Poll Creator | Remote Security vulnerability in PHP Poll Creator PHP Poll Creator 1.01 PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter. | 6.4 |
2005-12-31 | CVE-2005-1752 | Gforge | Remote Arbitrary Command Execution vulnerability in GForge viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. | 6.4 |
2005-12-31 | CVE-2005-4826 | Cisco | Denial Of Service vulnerability in Cisco IOS 12.1(22)Ea3 Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. | 6.1 |
2005-12-31 | CVE-2005-2467 | Mysql | Cross-Site Scripting vulnerability in MySQL Eventum Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. | 5.8 |
2005-12-31 | CVE-2005-2465 | PC Experience Toppe | Cross-Site Scripting vulnerability in PC-Experience/Toppe PM.PHP MSG Parameter Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable. | 5.8 |
2005-12-31 | CVE-2005-2460 | Kayako | Input Validation vulnerability in Kayako Liveresponse 2.0 Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message. | 5.8 |
2005-12-29 | CVE-2005-4567 | Floosietek | Remote vulnerability in Floosietek Ftgate 4.4Build4.4.000 Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (Build 4.4.000 Oct 26 2005) allow remote attackers to inject arbitrary web script or HTML by sending (1) the href parameter to index.fts, or the param1 parameter to (2) /domains/index.fts, (3) /config/licence.fts, or (4) /config/systemacl.fts. | 5.8 |
2005-12-31 | CVE-2005-4825 | Cisco | Denial-Of-Service vulnerability in Cisco Clean Access (CCA) Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. | 5.7 |
2005-12-31 | CVE-2005-4784 | Austin Group | Buffer Overflow vulnerability in Multiple Vendor ReadDir_R Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathconf calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib. | 5.6 |
2005-12-31 | CVE-2005-4766 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic. | 5.4 |
2005-12-31 | CVE-2005-4799 | Yapig | Cross-Site Scripting vulnerability in Yapig Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. | 5.1 |
2005-12-31 | CVE-2005-4767 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. | 5.1 |
2005-12-31 | CVE-2005-4760 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." | 5.1 |
2005-12-31 | CVE-2005-4727 | Martin Bauer | Cross-Site Scripting vulnerability in Gbook 1.0/1.0.1 Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field. | 5.1 |
2005-12-31 | CVE-2005-4648 | Illustrate | Denial-Of-Service vulnerability in dbPowerAmp Music Converter Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. | 5.1 |
2005-12-31 | CVE-2005-3240 | Microsoft | Race Condition vulnerability in Microsoft IE and Internet Explorer Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | 5.1 |
2005-12-28 | CVE-2005-4530 | Alstrasoft | HTML Injection vulnerability in Alstrasoft Epay 3.0 Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm. | 5.1 |
2005-12-31 | CVE-2005-4862 | Xwiki | Credentials Management vulnerability in Xwiki 0.9.793 The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | 5.0 |
2005-12-31 | CVE-2005-4856 | EZ | Data Processing Errors vulnerability in EZ Publish The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url". | 5.0 |
2005-12-31 | CVE-2005-4854 | EZ | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders. | 5.0 |
2005-12-31 | CVE-2005-4852 | EZ | Permissions, Privileges, and Access Controls vulnerability in EZ Publish The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin. | 5.0 |
2005-12-31 | CVE-2005-4850 | EZ | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. | 5.0 |
2005-12-31 | CVE-2005-4849 | Apache | Information Exposure vulnerability in Apache Derby 10.0.2.1/10.1.1.0 Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | 5.0 |
2005-12-31 | CVE-2005-4845 | SUN | Configuration vulnerability in SUN Java Plug-In 1.4.203/1.4.204 The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | 5.0 |
2005-12-31 | CVE-2005-4839 | Claymore Systems INC | Remote Security vulnerability in PureTLS PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates. | 5.0 |
2005-12-31 | CVE-2005-4834 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | 5.0 |
2005-12-31 | CVE-2005-4820 | SMC Networks | Remote Denial Of Service vulnerability in SMC SMC7904WBRA Wireless Router SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic. | 5.0 |
2005-12-31 | CVE-2005-4813 | Businessobjects | Denial Of Service vulnerability in Business Objects Enterprise/Crystal Reports Server Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections. | 5.0 |
2005-12-31 | CVE-2005-4810 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX). | 5.0 |
2005-12-31 | CVE-2005-4809 | Mozilla | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. | 5.0 |
2005-12-31 | CVE-2005-4806 | SUN | Denial-Of-Service vulnerability in SUN Java System Web Proxy Server 3.6 Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors. | 5.0 |
2005-12-31 | CVE-2005-4805 | SUN | Unspecified vulnerability in SUN Java System Application Server 6.0/7.0 Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors. | 5.0 |
2005-12-31 | CVE-2005-4804 | SUN | Unspecified vulnerability in SUN Java System Application Server 8.1 Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications. | 5.0 |
2005-12-31 | CVE-2005-4797 | SUN | Unspecified vulnerability in SUN Solaris and Sunos Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. | 5.0 |
2005-12-31 | CVE-2005-4794 | Cisco | Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. | 5.0 |
2005-12-31 | CVE-2005-4781 | Sergids | SQL Injection vulnerability in Sergids TOP Music Module 3.0Pr3 Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php. | 5.0 |
2005-12-31 | CVE-2005-4775 | Michael Scholz | Remote Security vulnerability in Michael Scholz Contineo 2.0 Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash. | 5.0 |
2005-12-31 | CVE-2005-4759 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages. | 5.0 |
2005-12-31 | CVE-2005-4754 | BEA | Multiple vulnerability in BEA Weblogic Server 8.1 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation." | 5.0 |
2005-12-31 | CVE-2005-4753 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection. | 5.0 |
2005-12-31 | CVE-2005-4749 | BEA | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. | 5.0 |
2005-12-31 | CVE-2005-4743 | Nelogic Technologies | SQL-Injection vulnerability in Nephp Publisher Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters. | 5.0 |
2005-12-31 | CVE-2005-4731 | THE PHP Group | Remote Security vulnerability in the PHP Group Pear Html Quickform Controller 1.0.4 The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors. | 5.0 |
2005-12-31 | CVE-2005-4726 | Mute | Information Disclosure vulnerability in Mute 0.4 MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain. | 5.0 |
2005-12-31 | CVE-2005-4722 | THE Media Shoppe Berhad | Information Disclosure vulnerability in Tmspublisher 3.0/3.3 _Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message. | 5.0 |
2005-12-31 | CVE-2005-4720 | Mozilla | Denial Of Service vulnerability in Mozilla Firefox IFRAME Handling Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack. | 5.0 |
2005-12-31 | CVE-2005-4718 | Opera | Unspecified vulnerability in Opera Browser Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute. | 5.0 |
2005-12-31 | CVE-2005-4717 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. | 5.0 |
2005-12-31 | CVE-2005-4716 | Hitachi | Denial-Of-Service vulnerability in Hitachi TP1/Server Base Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes. | 5.0 |
2005-12-31 | CVE-2005-4713 | PAM Mysql | Denial Of Service vulnerability in PAM-MySQL Code Execution And Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call. | 5.0 |
2005-12-31 | CVE-2005-4712 | PHP Handicapper | Remote Security vulnerability in PHP Handicapper CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. | 5.0 |
2005-12-31 | CVE-2005-4709 | Jboss | The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread. | 5.0 |
2005-12-31 | CVE-2005-4705 | BEA | Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection. | 5.0 |
2005-12-31 | CVE-2005-4704 | BEA | Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1 Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges. | 5.0 |
2005-12-31 | CVE-2005-4700 | Tellme | Information Disclosure vulnerability in Tellme 1.2 TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. | 5.0 |
2005-12-31 | CVE-2005-4695 | Symantec | Denial Of Service vulnerability in Symantec Brightmail Antispam 6.0/6.0.1/6.0.2 Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages. | 5.0 |
2005-12-31 | CVE-2005-4693 | Gaim Encryption | Denial-Of-Service vulnerability in Gaim-Encryption 2.381 Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c. | 5.0 |
2005-12-31 | CVE-2005-4689 | SIX Apart | Remote Security vulnerability in Six Apart Movable Type Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie. | 5.0 |
2005-12-31 | CVE-2005-4688 | Punbb | Denial-Of-Service vulnerability in Punbb 1.2.9 PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | 5.0 |
2005-12-31 | CVE-2005-4687 | F ART Agency Punbb | PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | 5.0 |
2005-12-31 | CVE-2005-4686 | Punbb | Information Disclosure vulnerability in PunBB/BLOG:CMS PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. | 5.0 |
2005-12-31 | CVE-2005-4680 | Sophos | Remote Security vulnerability in Sophos Anti-Virus Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | 5.0 |
2005-12-31 | CVE-2005-4679 | Microsoft | Remote Security vulnerability in Microsoft IE 6 Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | 5.0 |
2005-12-31 | CVE-2005-4678 | Apple | Remote Security vulnerability in Apple Safari 2.0.2 Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | 5.0 |
2005-12-31 | CVE-2005-4676 | Andreas Huggel | Denial Of Service vulnerability in Exiv2 Corrupted EXIF Data Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata. | 5.0 |
2005-12-31 | CVE-2005-4673 | Inicom Networks | Unspecified vulnerability in Inicom Networks Ioftpd 5.8.4U ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames. | 5.0 |
2005-12-31 | CVE-2005-4664 | Ocomon | SQL-Injection vulnerability in Ocomon 1.21 SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662. | 5.0 |
2005-12-31 | CVE-2005-4662 | Ocomon | SQL Injection vulnerability in OcoMon Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. | 5.0 |
2005-12-31 | CVE-2005-4661 | Campware ORG | Remote Security vulnerability in Campware.Org Campsite 2.2.2 The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. | 5.0 |
2005-12-31 | CVE-2005-4656 | Triggertg | SQL Injection vulnerability in Triggertg Tclanportal 1.1.3 SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter. | 5.0 |
2005-12-31 | CVE-2005-4653 | AL Caricatier | Authentication Bypass vulnerability in AL-Caricatier 1.0/2.5 Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument. | 5.0 |
2005-12-31 | CVE-2005-4646 | Pearlinger | Local File Include vulnerability in Pearl Forums 2.0/2.4 Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability. | 5.0 |
2005-12-31 | CVE-2005-4638 | Kayako | Remote Security vulnerability in SupportSuite index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module. | 5.0 |
2005-12-31 | CVE-2005-4626 | Recruitment Software | SQL-Injection vulnerability in Recruitment Software The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request. | 5.0 |
2005-12-31 | CVE-2005-4624 | Ptnet | Remote Denial of Service vulnerability in PTnet Ircd 1.5/1.6 The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users. | 5.0 |
2005-12-31 | CVE-2005-4623 | Efilego | Input Validation vulnerability in Efilego 3.01 upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name. | 5.0 |
2005-12-31 | CVE-2005-4609 | Incogen | Information Disclosure vulnerability in BugPort index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter. | 5.0 |
2005-12-31 | CVE-2005-4347 | Debian | Unspecified vulnerability in Debian Linux and Kernel-Patch-Vserver The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. | 5.0 |
2005-12-31 | CVE-2005-3714 | Apple | Resource Management Errors vulnerability in Apple Airport Express and Airport Extreme The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. | 5.0 |
2005-12-31 | CVE-2005-3659 | EMC | Resource Management Errors vulnerability in EMC Legato Networker 7.2/7.2.1/7.2Build172 nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference. | 5.0 |
2005-12-31 | CVE-2005-3630 | Redhat | Information Disclosure vulnerability in Redhat Fedora Core 1.0 Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives. | 5.0 |
2005-12-31 | CVE-2005-3626 | Easy Software Products KDE Libextractor Poppler SGI Tetex Xpdf Conectiva Debian Gentoo Mandrakesoft Redhat SCO Slackware Suse Trustix Turbolinux Ubuntu | Resource Management Errors vulnerability in multiple products Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | 5.0 |
2005-12-31 | CVE-2005-3624 | Easy Software Products KDE Libextractor Poppler SGI Tetex Xpdf Conectiva Debian Gentoo Mandrakesoft Redhat SCO Slackware Suse Trustix Turbolinux Ubuntu | Numeric Errors vulnerability in multiple products The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. | 5.0 |
2005-12-31 | CVE-2005-3187 | Bluecoat | Remote Denial Of Service vulnerability in Bluecoat Winproxy 6.0 The listening daemon in Blue Coat Systems Inc. | 5.0 |
2005-12-31 | CVE-2005-2738 | SUN | Unspecified vulnerability in SUN Java 1.4.2 Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. | 5.0 |
2005-12-31 | CVE-2005-2344 | RIM | Buffer Errors vulnerability in RIM Blackberry Enterprise Server 4.0/4.0Sp1/4.0Sp2 The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap-based buffer overflow. | 5.0 |
2005-12-31 | CVE-2005-2316 | Dnrd | Denial-Of-Service vulnerability in dnrd Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer). | 5.0 |
2005-12-31 | CVE-2005-2194 | Apple | TCP/IP Remote Denial Of Service vulnerability in Apple Mac OSX Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. | 5.0 |
2005-12-31 | CVE-2005-1939 | Ipswitch | Directory Traversal vulnerability in Ipswitch Whatsup Small Business 2004 Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). | 5.0 |
2005-12-31 | CVE-2005-0038 | Powerdns | Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. | 5.0 |
2005-12-31 | CVE-2005-0037 | Dnrd | Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. | 5.0 |
2005-12-31 | CVE-2005-0036 | Delegate ETL | Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. | 5.0 |
2005-12-29 | CVE-2005-4579 | Hitachi | Input Validation vulnerability in Hitachi Business Logic Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form. | 5.0 |
2005-12-29 | CVE-2005-4575 | Paperthin | Information Disclosure vulnerability in CommonSpot Content Server PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message. | 5.0 |
2005-12-29 | CVE-2005-4564 | Adtran | Multiple Unspecified vulnerability in ADTRAN NetVanta Products IKE Traffic The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 5.0 |
2005-12-28 | CVE-2005-4559 | Deerfield Icewarp Merak | Input Validation vulnerability in IceWarp Universal WebMail mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters. | 5.0 |
2005-12-28 | CVE-2005-4557 | Deerfield Icewarp Merak | Input Validation vulnerability in IceWarp Universal WebMail dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability. | 5.0 |
2005-12-28 | CVE-2005-4550 | Oracle | Remote vulnerability in Oracle Application Server Discussion Forum Portlet The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00). | 5.0 |
2005-12-28 | CVE-2005-4524 | Mantis | Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. | 5.0 |
2005-12-28 | CVE-2005-4523 | Mantis | Unspecified vulnerability in Mantis Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-12-28 | CVE-2005-4521 | Mantis | CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php. | 5.0 |
2005-12-28 | CVE-2005-4520 | Mantis | Unspecified vulnerability in Mantis Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. | 5.0 |
2005-12-31 | CVE-2005-4811 | Linux | Local Denial of Service vulnerability in Linux Kernel UnMap_HugePage_Area The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function. | 4.9 |
2005-12-31 | CVE-2005-4782 | Netbsd | Local Denial of Service vulnerability in NetBSD SO_LINGER DIAGNOSTIC Checking NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of service (kernel assertion panic) via a negative linger time in the SO_LINGER socket option. | 4.9 |
2005-12-31 | CVE-2005-4777 | Tashcom | Local Security vulnerability in Tashcom Aspedit 2.9 Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password. | 4.9 |
2005-12-31 | CVE-2005-4742 | Pavel Kankovsky | Local Security vulnerability in Pavel Kankovsky Echelog 0.6.2 Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors. | 4.9 |
2005-12-31 | CVE-2005-4733 | Netbsd | Denial-Of-Service vulnerability in Netbsd 2.0 NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0. | 4.9 |
2005-12-31 | CVE-2005-0489 | Linux | Local Denial of Service vulnerability in Linux Kernel Invalid Proc Memory Access The /proc handling (proc/base.c) in Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an invalid access of free memory. | 4.9 |
2005-12-31 | CVE-2005-4802 | Flexbackup | Local Security vulnerability in Flexbackup Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. | 4.6 |
2005-12-31 | CVE-2005-4771 | Trust Digital | Authentication Bypass vulnerability in Trust Digital Trusted Mobility Suite Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized. | 4.6 |
2005-12-31 | CVE-2005-4752 | BEA | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. | 4.6 |
2005-12-31 | CVE-2005-4728 | Debian | Local Code Execution vulnerability in Debian Amaya 9.2.1.6 Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory. | 4.6 |
2005-12-31 | CVE-2005-4710 | Autodesk | Products Remote Unauthorized Access vulnerability in Autodesk Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329. | 4.6 |
2005-12-31 | CVE-2005-4668 | Parosproxy | Local Security vulnerability in Parosproxy The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary commands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. | 4.6 |
2005-12-31 | CVE-2005-4639 | Linux | Local Buffer Overflow vulnerability in Linux Kernel DVB Driver Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array". | 4.6 |
2005-12-31 | CVE-2005-4636 | Openoffice | Local Security vulnerability in Openoffice OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. | 4.6 |
2005-12-31 | CVE-2005-4620 | Rarlab | Buffer Overflow vulnerability in RARLAB WinRAR Command Line Processing Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. | 4.6 |
2005-12-31 | CVE-2005-2454 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | 4.6 |
2005-12-31 | CVE-2005-1726 | Apple | Multiple vulnerability in Apple mac OS X 10.4.1 The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions." | 4.6 |
2005-12-30 | CVE-2005-4590 | SPB | Security Bypass vulnerability in SPB Kiosk Engine 1.0.0.1 Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file. | 4.6 |
2005-12-29 | CVE-2005-4581 | Scott Draves | Local Security vulnerability in Scott Draves Electric Sheep 2.6.3 Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. | 4.6 |
2005-12-28 | CVE-2005-4525 | Sygate Technologies | Unspecified vulnerability in Sygate Technologies Protection Agent 5.0Build6144 SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch. | 4.6 |
2005-12-27 | CVE-2005-3343 | Tkdiff | Unspecified vulnerability in Tkdiff tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
2005-12-31 | CVE-2005-4877 | Ignite Realtime | Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.3.0 Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876. | 4.3 |
2005-12-31 | CVE-2005-4876 | Ignite Realtime | Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.2.2 Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877. | 4.3 |
2005-12-31 | CVE-2005-4874 | Mozilla | Code Injection vulnerability in Mozilla 1.7.8 The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. | 4.3 |
2005-12-31 | CVE-2005-4871 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1 Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | 4.3 |
2005-12-31 | CVE-2005-4870 | IBM | Buffer Errors vulnerability in IBM DB2 8.1 Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | 4.3 |
2005-12-31 | CVE-2005-4858 | Chitta | HTML Injection vulnerability in Mimicboard2 Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element. | 4.3 |
2005-12-31 | CVE-2005-4846 | Spey | Improper Input Validation vulnerability in Spey 0.3.3 Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call. | 4.3 |
2005-12-31 | CVE-2005-4840 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Outlook Express Book Control The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. | 4.3 |
2005-12-31 | CVE-2005-4833 | IBM | Unspecified vulnerability in IBM Websphere Application Server 6.0 IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format. | 4.3 |
2005-12-31 | CVE-2005-4831 | Viewcvs | Cross-Site Scripting vulnerability in Viewcvs 0.9.2 viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. | 4.3 |
2005-12-31 | CVE-2005-4785 | JL Webworks | HTML Injection vulnerability in JL Webworks Quickblogger 1.4 Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section. | 4.3 |
2005-12-31 | CVE-2005-4774 | Xerver | Input Validation vulnerability in Xerver 4.17 Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI. | 4.3 |
2005-12-31 | CVE-2005-4732 | TUX Racer | Cross-Site Scripting vulnerability in Tuxbank Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description parameters. | 4.3 |
2005-12-31 | CVE-2005-4721 | THE Media Shoppe Berhad | Cross-Site Scripting vulnerability in the Media Shoppe Berhad Tmspublisher 3.3 Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2005-12-31 | CVE-2005-4707 | PHP GEN | Cross-Site Scripting vulnerability in PHP GEN Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2005-12-31 | CVE-2005-4698 | Tellme | Cross-Site Scripting vulnerability in Tellme 1.2 Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) q_IP (IP) or (2) q_Host (HOST) parameters. | 4.3 |
2005-12-31 | CVE-2005-4682 | Audienceview | Cross-Site Scripting vulnerability in AudienceView Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter. | 4.3 |
2005-12-31 | CVE-2005-4675 | Complete PHP Counter | Cross-Site Scripting vulnerability in Complete PHP Counter Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter. | 4.3 |
2005-12-31 | CVE-2005-4672 | Citypost | Cross-Site Scripting vulnerability in Citypost Simple Image Editor 0.52 Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter. | 4.3 |
2005-12-31 | CVE-2005-4671 | Citypost | Cross-Site Scripting vulnerability in Citypost Simple PHP Upload 5.3 Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
2005-12-31 | CVE-2005-4670 | Citypost | Cross-Site Scripting vulnerability in Citypost PHP Lnkx 52.0 Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2005-12-31 | CVE-2005-4666 | Phlymail | Input Validation vulnerability in Phlymail 3.02.00/3.02.01 Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors. | 4.3 |
2005-12-31 | CVE-2005-4665 | Punbb | HTML Injection vulnerability in PunBB BBCode URL Tag Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. | 4.3 |
2005-12-31 | CVE-2005-4663 | Ocomon | Cross-Site Scripting vulnerability in OcoMon Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2005-12-31 | CVE-2005-4655 | PHP Fusion | Unspecified vulnerability in PHP Fusion PHP Fusion 6.00.204 Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>". | 4.3 |
2005-12-31 | CVE-2005-4649 | Advanced Guestbook | Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.2/2.3.1 Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. | 4.3 |
2005-12-31 | CVE-2005-4644 | Edgewall Software | HTML Injection vulnerability in Edgewall Software Trac 0.9.2 Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | 4.3 |
2005-12-31 | CVE-2005-4642 | Hydrobb | Cross-Site Scripting vulnerability in Hydrobb 1.0.0Beta2 Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php. | 4.3 |
2005-12-31 | CVE-2005-4637 | Kayako | Cross-Site Scripting vulnerability in Kayako SupportSuite Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. | 4.3 |
2005-12-31 | CVE-2005-4627 | Gfhost Gmailsite | Cross-Site Scripting vulnerability in GMailSite Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | 4.3 |
2005-12-31 | CVE-2005-4621 | Jelsoft | Cross-Site Scripting vulnerability in VBulletin Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. | 4.3 |
2005-12-31 | CVE-2005-4613 | Vubb | Cross-Site Scripting vulnerability in Vubb Alpharc1 Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile. | 4.3 |
2005-12-31 | CVE-2005-4607 | Incogen | Cross-Site Scripting vulnerability in INCOGEN Bugport Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters. | 4.3 |
2005-12-31 | CVE-2005-4603 | Mybulletinboard | HTML Injection vulnerability in MyBB Print Thread Script Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. | 4.3 |
2005-12-31 | CVE-2005-4599 | Moxiecode | Multiple vulnerability in TinyMCE Compressor Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter. | 4.3 |
2005-12-31 | CVE-2005-4598 | Ooapp | Cross-Site Scripting vulnerability in Ooapp Guestbook 2.1 Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2005-12-31 | CVE-2005-4597 | Epistream | Cross-Site Scripting vulnerability in Epistream Ipei Guestbook 1.7 Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook. | 4.3 |
2005-12-31 | CVE-2005-4596 | Ades Design | Cross-Site Scripting vulnerability in Ades Design Adesguestbook 2.0 Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter. | 4.3 |
2005-12-31 | CVE-2005-4351 | Dragonfly Freebsd Linux Openbsd | Local Security vulnerability in kernel The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. | 4.3 |
2005-12-30 | CVE-2005-4588 | Dream4 | Unspecified vulnerability in Dream4 Koobi 5.0 Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. | 4.3 |
2005-12-29 | CVE-2005-4583 | Vmware | Cross-Site Scripting vulnerability in VMWare ESX Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | 4.3 |
2005-12-29 | CVE-2005-4580 | DAY | Cross-Site Scripting vulnerability in DAY Communique 4 Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search. | 4.3 |
2005-12-29 | CVE-2005-4577 | Hitachi | Input Validation vulnerability in Hitachi Business Logic Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form. | 4.3 |
2005-12-29 | CVE-2005-4576 | Fatwire | Cross-Site Scripting vulnerability in FatWire UpdateEngine Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters. | 4.3 |
2005-12-29 | CVE-2005-4574 | Paperthin | Cross-Site Scripting vulnerability in PaperThin CommonSpot Content Server Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter. | 4.3 |
2005-12-29 | CVE-2005-4571 | Myezshop | Input Validation vulnerability in myEZshop Shopping Cart Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. | 4.3 |
2005-12-28 | CVE-2005-4555 | DEV | Input Validation vulnerability in DEV web Management System 1.5 Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter. | 4.3 |
2005-12-28 | CVE-2005-4551 | Simpbook | HTML Injection vulnerability in Simpbook 1.0 Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php. | 4.3 |
2005-12-28 | CVE-2005-4549 | Oracle | Remote vulnerability in Oracle Application Server Discussion Forum Portlet Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating a forum article. | 4.3 |
2005-12-28 | CVE-2005-4547 | Epic Designs | Cross-Site Scripting vulnerability in eggblog Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields. | 4.3 |
2005-12-28 | CVE-2005-4545 | Netdirect | Cross-Site Scripting vulnerability in ShopCentrik ShopEngine EXPS Parameter Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. | 4.3 |
2005-12-28 | CVE-2005-4522 | Mantis | Unspecified vulnerability in Mantis Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters. | 4.3 |
2005-12-28 | CVE-2005-4516 | PHP Fusion | Cross-Site Scripting vulnerability in PHP-Fusion Members.PHP Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags. | 4.3 |
2005-12-31 | CVE-2005-4857 | EZ | Resource Management Errors vulnerability in EZ Publish eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error". | 4.0 |
2005-12-31 | CVE-2005-4851 | EZ | Improper Authentication vulnerability in EZ Publish eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | 4.0 |
2005-12-31 | CVE-2005-4786 | Hauri | Remote Buffer Overflow vulnerability in Hauri Livecall, Virobot and Vrazmain.Dll Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary code via an ALZ archive containing a file with a long filename. | 4.0 |
2005-12-31 | CVE-2005-4758 | BEA | Multiple vulnerabilities in BEA Weblogic Server 8.1 Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP. | 4.0 |
2005-12-31 | CVE-2005-4740 | IBM | Multiple vulnerabilities in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." | 4.0 |
38 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-31 | CVE-2005-4667 | Info ZIP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Info-Zip Unzip Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. | 3.7 |
2005-12-31 | CVE-2005-4803 | Graphviz | Unspecified vulnerability in Graphviz graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 3.6 |
2005-12-31 | CVE-2005-4796 | SUN | Local Arbitrary File Corruption vulnerability in Sun Solaris XView Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. | 3.6 |
2005-12-31 | CVE-2005-4779 | Netbsd | Local Security vulnerability in Netbsd 2.0/2.0.1/2.0.2 verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs. | 3.6 |
2005-12-31 | CVE-2005-4855 | EZ | Permissions, Privileges, and Access Controls vulnerability in EZ Publish Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks. | 3.5 |
2005-12-31 | CVE-2005-2343 | RIM | Denial Of Service vulnerability in RIM products Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed. | 2.6 |
2005-12-31 | CVE-2005-1918 | GNU Redhat | Path Traversal vulnerability in multiple products The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | 2.6 |
2005-12-31 | CVE-2005-4869 | IBM | Denial Of Service vulnerability in IBM DB2 8.1 The (1) to_char and (2) to_date functions in IBM DB2 8.1 allow local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | 2.1 |
2005-12-31 | CVE-2005-4791 | Novell | Local Privilege Escalation vulnerability in Novell Suse Linux 10.0 Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. | 2.1 |
2005-12-31 | CVE-2005-4789 | Suse | Unspecified vulnerability in Suse Linux 9.2/9.3 resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level. | 2.1 |
2005-12-31 | CVE-2005-4788 | Suse | Unspecified vulnerability in Suse Linux 9.2/9.3 resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices." | 2.1 |
2005-12-31 | CVE-2005-4783 | Netbsd | Local Security vulnerability in NetBSD kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. | 2.1 |
2005-12-31 | CVE-2005-4778 | Suse | Local Denial Of Service vulnerability in SUSE Linux PowerSave Daemon The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions. | 2.1 |
2005-12-31 | CVE-2005-4755 | BEA | Multiple vulnerabilities in BEA Weblogic Server 8.1 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys. | 2.1 |
2005-12-31 | CVE-2005-4706 | SUN | Local vulnerability in SUN Solaris 10.0 Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function. | 2.1 |
2005-12-31 | CVE-2005-4701 | SUN | Information Disclosure vulnerability in SUN Solaris 10.0 Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx. | 2.1 |
2005-12-31 | CVE-2005-4697 | Microsoft | Information Disclosure vulnerability in Microsoft Windows Wireless Zero Configuration Service The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. | 2.1 |
2005-12-31 | CVE-2005-4696 | Microsoft | Information Disclosure vulnerability in Microsoft Windows Wireless Zero Configuration Service The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network. | 2.1 |
2005-12-31 | CVE-2005-4691 | Netbsd | Unspecified vulnerability in Netbsd imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. | 2.1 |
2005-12-31 | CVE-2005-4690 | SIX Apart | Unspecified vulnerability in SIX Apart Movable Type 3.16 Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. | 2.1 |
2005-12-31 | CVE-2005-4683 | Padl Software | Information Disclosure vulnerability in Padl Software Migrationtools 46 PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh. | 2.1 |
2005-12-31 | CVE-2005-4659 | Ipcop | Information Disclosure vulnerability in IPCop Backup Key IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup. | 2.1 |
2005-12-31 | CVE-2005-4536 | Debian | Unspecified vulnerability in Debian Libmail-Audit-Perl 2.15 Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file. | 2.1 |
2005-12-31 | CVE-2005-4352 | Linux Netbsd | The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." | 2.1 |
2005-12-31 | CVE-2005-3782 | Apple | Denial-Of-Service vulnerability in Apple Mac OS X Server Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. | 2.1 |
2005-12-31 | CVE-2005-3620 | Vmware | Information Disclosure vulnerability in VMware ESX The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. | 2.1 |
2005-12-31 | CVE-2005-2762 | Avaya | Local Security vulnerability in Vpnremote Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. | 2.1 |
2005-12-31 | CVE-2005-2462 | Kayako | Input Validation vulnerability in Kayako Liveresponse 2.0 Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | 2.1 |
2005-12-31 | CVE-2005-0985 | Apple | Denial-Of-Service vulnerability in Apple Mac OS X Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. | 2.1 |
2005-12-31 | CVE-2005-0136 | Linux | Unspecified vulnerability in Linux Kernel The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761. | 2.1 |
2005-12-30 | CVE-2005-4589 | SPB | Local Security vulnerability in SPB Kiosk Engine 1.0.0.1 Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which allows local users to obtain the passcode. | 2.1 |
2005-12-27 | CVE-2005-3341 | Dhis Tools | Unspecified vulnerability in Dhis Tools DNS Package DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. | 2.1 |
2005-12-31 | CVE-2005-3126 | Antiword | Link Following vulnerability in Antiword 0.32/0.35 The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files. | 1.9 |
2005-12-31 | CVE-2005-1976 | Novell | Unspecified vulnerability in Novell Netmail 3.5.2 Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. | 1.7 |
2005-12-31 | CVE-2005-4761 | BEA | Multiple vulnerabilities in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used. | 1.2 |
2005-12-31 | CVE-2005-4660 | Ipcop | Unspecified vulnerability in Ipcop Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup. | 1.2 |
2005-12-31 | CVE-2005-3342 | Norman Ramsey | Unspecified vulnerability in Norman Ramsey Noweb 2.10C/2.9A noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm. | 1.2 |
2005-12-31 | CVE-2005-2527 | SUN | Link Following vulnerability in SUN Java Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. | 1.2 |