Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-02-23 | CVE-2004-0481 | Unspecified vulnerability in SUN Solaris and Sunos The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file. | 2.1 |
2005-02-22 | CVE-2005-0535 | Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | 7.5 |
2005-02-22 | CVE-2005-0514 | Unspecified vulnerability in Verity Ultraseek 5.3.3 Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. network verity | 4.3 |
2005-02-22 | CVE-2005-0161 | Remote Directory Traversal vulnerability in E-Merge Unace 1.2B Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames. | 2.1 |
2005-02-22 | CVE-2005-0160 | Remote Buffer Overflow vulnerability in E-Merge Unace 1.2B Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages. | 5.1 |
2005-02-21 | CVE-2005-0537 | SQL-Injection vulnerability in Igeneric Free Shopping Cart 1.2 Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. | 7.5 |
2005-02-21 | CVE-2005-0512 | Remote Security vulnerability in Mambo PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | 7.5 |
2005-02-21 | CVE-2005-0511 | Unspecified vulnerability in Jelsoft Vbulletin misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. | 7.5 |
2005-02-21 | CVE-2005-0503 | uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. | 4.6 |
2005-02-21 | CVE-2005-0496 | Use of Hard-coded Credentials vulnerability in Arkeia Network Backup 5.0 Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | 9.8 |