Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-06-02 | CVE-2005-1903 | Local Security vulnerability in SPA-PRO Mail Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command. | 2.1 |
| 2005-06-02 | CVE-2005-1875 | SQL Injection vulnerability in Exhibit Engine List.php Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter. | 7.5 |
| 2005-06-02 | CVE-2005-1840 | Directory Traversal vulnerability in phpCMS Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. | 5.0 |
| 2005-06-02 | CVE-2005-1839 | SQL-Injection vulnerability in Liberum Help Desk 0.97.3 Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to register.asp. | 7.5 |
| 2005-06-02 | CVE-2005-1838 | Cross-Site Scripting vulnerability in Liberum Help Desk 0.97.3 Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields. | 5.0 |
| 2005-06-02 | CVE-2005-1824 | Unspecified vulnerability in GNU Mailutils 1.0.6.1.1 The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | 7.5 |
| 2005-06-01 | CVE-2005-1837 | Remote Security vulnerability in Fortinet Firewall Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges. | 7.5 |
| 2005-06-01 | CVE-2005-1836 | Denial-Of-Service vulnerability in Nextweb (i)Site NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files. | 5.0 |
| 2005-06-01 | CVE-2005-1834 | SQL-Injection vulnerability in Nextweb %28I%29Site SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | 7.5 |
| 2005-06-01 | CVE-2005-1823 | SQL Injection and Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.0.8 Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. network qualiteam | 4.3 |