Security Vulnerabilities, CVEs, Published In September 2005 CVSS score >= 5

Buffer overflow in the ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long third argument to the GotNate.Excute method.

The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method.

The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root.

The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.

Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.

Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable.

Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter.

Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter.

Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter.

Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer.

Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file.

The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data.

Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter.

Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image.

SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie.

contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set.

Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.

Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php.

SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages.

Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page.

SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit."

MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read.

MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt).