Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1368 | Unspecified vulnerability in Linux Kernel The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP. | 1.2 |
| 2005-05-02 | CVE-2005-1364 | Remote SQL Injection vulnerability in MetaBid Auctions intAuctionID Parameter Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. | 7.5 |
| 2005-05-02 | CVE-2005-1363 | SQL-Injection vulnerability in Metalinks Metacart2 Payflowlink Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6) intCatalogID, or (7) page parameter to productsByCategory.asp or (8) intProdID parameter to product.asp. | 7.5 |
| 2005-05-02 | CVE-2005-1362 | SQL-Injection vulnerability in Metalinks Metacart2 Paypal Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp. | 7.5 |
| 2005-05-02 | CVE-2005-1361 | Remote SQL Injection vulnerability in Metalinks Metacart E-Shop 8.0 Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. | 7.5 |
| 2005-05-02 | CVE-2005-1360 | Remote File Include vulnerability in Graycms 1.1 PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code. | 7.5 |
| 2005-05-02 | CVE-2005-1359 | Cross-Site Scripting vulnerability in Text.Cgi Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. network text-cgi | 4.3 |
| 2005-05-02 | CVE-2005-1358 | Remote Security vulnerability in Text.Cgi text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | 7.5 |
| 2005-05-02 | CVE-2005-1357 | Remote Security vulnerability in Text.Cgi text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | 5.0 |
| 2005-05-02 | CVE-2005-1356 | Cross-Site Scripting vulnerability in Includer.Cgi Cross-site scripting (XSS) vulnerability in includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument. network includer-cgi | 4.3 |