Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-03 | CVE-2005-1380 | Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1 Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action. network bea | 6.8 |
| 2005-05-03 | CVE-2005-1379 | Unspecified vulnerability in Mandrakesoft Mandrake Lam-Runtime 7.0.6.2Mdk The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges. | 4.6 |
| 2005-05-03 | CVE-2005-1378 | SQL Injection vulnerability in Notes Module for PHPBB SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors. | 7.5 |
| 2005-05-03 | CVE-2005-1377 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors. | 7.5 |
| 2005-05-03 | CVE-2005-1376 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | 7.5 |
| 2005-05-03 | CVE-2005-1375 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php. | 7.5 |
| 2005-05-03 | CVE-2005-1374 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. network claroline | 6.8 |
| 2005-05-03 | CVE-2005-1373 | SQL Injection vulnerability in Dream4 Koobi CMS 4.2.3 Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters. | 7.5 |
| 2005-05-03 | CVE-2005-1372 | Local Privilege Escalation vulnerability in BakBone NetVault NVStatsMngr.EXE nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu. | 4.6 |
| 2005-05-03 | CVE-2005-1371 | Local Privilege Escalation vulnerability in Bulletproof FTP Server 2.4.0.31 BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges. | 7.2 |