Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0303 | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. network comersus-open-technologies | 4.3 |
2005-05-02 | CVE-2005-0302 | SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | 7.5 |
2005-05-02 | CVE-2005-0301 | Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | 7.5 |
2005-05-02 | CVE-2005-0299 | Information Disclosure vulnerability in GForge Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. | 5.0 |
2005-05-02 | CVE-2005-0298 | Unspecified vulnerability in Oracle Database Server The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. | 5.0 |
2005-05-02 | CVE-2005-0293 | Remote Directory Traversal vulnerability in Minis 0.2.1 Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-05-02 | CVE-2005-0289 | Remote Denial of Service vulnerability in Apple AirPort Wireless Distribution System Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. | 5.0 |
2005-05-02 | CVE-2005-0286 | Multiple vulnerability in eMotion MediaPartner Enterprise eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . | 5.0 |
2005-05-02 | CVE-2005-0285 | Unspecified vulnerability in Bottomline Webseries Payment Application 4.0 Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. | 4.6 |
2005-05-02 | CVE-2005-0282 | SQL Injection vulnerability in Mybulletinboard 1.0Rc4 SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 7.5 |