Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-1137 | Information Disclosure vulnerability in Alexander Palmo Simple PHP Blog 0.4.0: Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1135 | Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog 0.4.0: Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2005-05-02 | CVE-2005-1133 | Remote Information Disclosure vulnerability in IBM iSeries AS400 POP3 Server: The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | 5.0 |
2005-05-02 | CVE-2005-1132 | Remote Denial Of Service vulnerability in LG Electronics LG Mobile Phone U8120: LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | 5.0 |
2005-05-02 | CVE-2005-1131 | Unspecified vulnerability in Symantec Veritas I3 Focalpoint Server 7.1: Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. | 10.0 |
2005-05-02 | CVE-2005-1129 | Information Disclosure vulnerability in EGroupWare EMail Attachment: eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. | 2.1 |
2005-05-02 | CVE-2005-1128 | SQL-Injection vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.2: Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. | 7.5 |
2005-05-02 | CVE-2005-1127 | Unspecified vulnerability in Postgrey 1.17/1.18: Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. | 5.0 |
2005-05-02 | CVE-2005-1125 | Unspecified vulnerability in Avaya Libsafe: Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. | 5.1 |
2005-05-02 | CVE-2005-1124 | Local Security vulnerability in Solaris: Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API. | 4.6 |