Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-03-08 | CVE-2005-0720 | Code Injection vulnerability in Mcnews 1.3 | PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-03-08 | CVE-2005-0696 | Remote Buffer Overrun vulnerability in Argosoft FTP Server 1.4.2.29/1.4.2.8/1.4.3.5 | Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. | 7.5 |
2005-03-08 | CVE-2005-0685 | Access Validation vulnerability in Outstart Participate Enterprise 3 | Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands. | 7.5 |
2005-03-08 | CVE-2005-0626 | Information Disclosure vulnerability in Squid 2.5.Stable5/2.5.Stable6/2.5.Stable7 | Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. | 2.6 |
2005-03-08 | CVE-2005-0099 | Unspecified vulnerability in Abuse Abuse-Sdl | The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files. | 2.1 |
2005-03-08 | CVE-2005-0098 | Unspecified vulnerability in Abuse Abuse-Sdl | Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line. | 4.6 |
2005-03-07 | CVE-2005-0722 | Remote Security vulnerability in Experience2 | eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message. | 5.0 |
2005-03-07 | CVE-2005-0703 | Remote Security vulnerability in WorkCentre 40 Color | Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179. | 5.0 |
2005-03-07 | CVE-2005-0702 | SQL-Injection vulnerability in phpMyFAQ | SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. | 5.0 |
2005-03-07 | CVE-2005-0701 | Unspecified vulnerability in Oracle Database Server | Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | 5.0 |