Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-03 | CVE-2005-1419 | SQL-Injection vulnerability in Ocean12 Technologies Mailing List Manager 1.06 SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. | 7.5 |
| 2005-05-03 | CVE-2005-1418 | Local Information Disclosure vulnerability in Netleaf Limited Notjustbrowsing 1.0.3 NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges. | 4.6 |
| 2005-05-03 | CVE-2005-1417 | SQL Injection vulnerability in MaxWebPortal Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | 7.5 |
| 2005-05-03 | CVE-2005-1416 | Unspecified vulnerability in Soft3304 04Webserver 1.81 Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder. | 5.0 |
| 2005-05-03 | CVE-2005-1415 | Remote Buffer Overflow vulnerability in GlobalSCAPE Secure FTP Server 3.0/3.0.2 Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command. | 10.0 |
| 2005-05-03 | CVE-2005-1414 | Local Information Disclosure vulnerability in FilePocket ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges. | 4.6 |
| 2005-05-03 | CVE-2005-1413 | SQL Injection vulnerability in Envivosoft Envivo CMS 3.54 Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp. | 7.5 |
| 2005-05-03 | CVE-2005-1412 | Unspecified vulnerability in Ecomm Professional Guestbook 3 SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter. | 7.5 |
| 2005-05-03 | CVE-2005-1411 | Password Local Information Disclosure vulnerability in Cybration Icuii 7.0 Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges. | 4.6 |
| 2005-05-03 | CVE-2005-1410 | The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments. | 2.1 |