Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-03 | CVE-2005-1409 | Privilege Escalation vulnerability in PostgreSQL Character Set Conversion PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability." | 7.5 |
| 2005-05-03 | CVE-2005-1407 | Local Security vulnerability in Skype Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. | 4.6 |
| 2005-05-03 | CVE-2005-1405 | Local Security vulnerability in Lotus Notes HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. | 2.1 |
| 2005-05-03 | CVE-2005-1404 | Unspecified vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0 MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php. | 5.0 |
| 2005-05-03 | CVE-2005-1403 | Cross-Site Scripting vulnerability in Just William's Amazon Webstore Closeup.PHP Image Parameter Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie. network just-williams | 6.8 |
| 2005-05-03 | CVE-2005-1402 | Unspecified vulnerability in Mtp-Target Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison. | 5.0 |
| 2005-05-03 | CVE-2005-1401 | Unspecified vulnerability in Mtp-Target 1.2.2 Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text. | 7.5 |
| 2005-05-03 | CVE-2005-1398 | Improper Input Validation vulnerability in PHPcart 3.2/3.4/4.6.4 phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. | 5.0 |
| 2005-05-03 | CVE-2005-1397 | SQL Injection vulnerability in PHP-Calendar Search.PHP SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2005-05-03 | CVE-2005-1393 | Unspecified vulnerability in Esri Arcinfo Workstation 9.0 Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery. | 4.6 |