Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-03 | CVE-2005-1414 | Local Information Disclosure vulnerability in FilePocket ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges. | 4.6 |
2005-05-03 | CVE-2005-1413 | SQL Injection vulnerability in Envivosoft Envivo CMS 3.54 Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp. | 7.5 |
2005-05-03 | CVE-2005-1412 | Unspecified vulnerability in Ecomm Professional Guestbook 3 SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter. | 7.5 |
2005-05-03 | CVE-2005-1411 | Password Local Information Disclosure vulnerability in Cybration Icuii 7.0 Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges. | 4.6 |
2005-05-03 | CVE-2005-1410 | The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments. | 2.1 |
2005-05-03 | CVE-2005-1409 | Privilege Escalation vulnerability in PostgreSQL Character Set Conversion PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability." | 7.5 |
2005-05-03 | CVE-2005-1407 | Local Security vulnerability in Skype Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. | 4.6 |
2005-05-03 | CVE-2005-1405 | Local Security vulnerability in Lotus Notes HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. | 2.1 |
2005-05-03 | CVE-2005-1404 | Unspecified vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0 MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php. | 5.0 |
2005-05-03 | CVE-2005-1403 | Cross-Site Scripting vulnerability in Just William's Amazon Webstore Closeup.PHP Image Parameter Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie. network just-williams | 6.8 |