Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-05-03 CVE-2005-1392 Unspecified vulnerability in phpMyAdmin 2.6.2
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
local
low complexity
phpmyadmin
4.6
2005-05-03 CVE-2005-1391 Remote Buffer Overflow vulnerability in Apsis Pound 1.8.2
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.
network
low complexity
apsis
7.5
2005-05-03 CVE-2005-1388 Cross-Site Scripting vulnerability in Survivor 0.9.5A
Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
survivor
4.3
2005-05-03 CVE-2005-1387 Unspecified vulnerability in Kristofer Szymanski Cocktail 3.5.4
Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by listing running processes.
local
low complexity
kristofer-szymanski
7.2
2005-05-03 CVE-2005-1386 Information Disclosure vulnerability in PHP-Nuke
PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message.
network
low complexity
francisco-burzi
5.0
2005-05-03 CVE-2005-1385 Denial-Of-Service vulnerability in Apple Safari 1.3
Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.
network
high complexity
apple
2.6
2005-05-03 CVE-2005-1384 SQL Injection vulnerability in phpCoin 1.2/1.2.1/1.2.1B
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
network
low complexity
coinsoft-technologies
7.5
2005-05-03 CVE-2005-1383 Unspecified vulnerability in Oracle Application Server
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.
network
low complexity
oracle
7.5
2005-05-03 CVE-2005-1382 File Corruption vulnerability in Oracle Application Server 9i Webcache Arbitrary
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
network
low complexity
oracle
5.0
2005-05-03 CVE-2005-1381 Cross-Site Scripting vulnerability in Oracle Application Server 9i Webcache Cache_dump_file
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
network
oracle
6.8