Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-06-16 CVE-2005-2036 Information Exposure vulnerability in Cool Cafe Chat Cool Cafe Chat 1.2.1
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.
network
low complexity
cool-cafe-chat CWE-200
7.5
2005-06-16 CVE-2005-2035 SQL Injection vulnerability in Cool Cafe Chat Cool Cafe Chat 1.2.1
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
network
low complexity
cool-cafe-chat CWE-89
7.5
2005-06-16 CVE-2005-2031 SQL-Injection vulnerability in SocialMPN
Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php.
network
low complexity
socialmpn
7.5
2005-06-16 CVE-2005-2026 Remote Security vulnerability in Vertical Horizon VH-2402S 2.05.00/2.05.08.01/2.05.09.07
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.
network
low complexity
enterasys
7.5
2005-06-16 CVE-2005-1971 Directory Traversal vulnerability in InteractivePHP FusionBB 11Beta
Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.
network
low complexity
interactivephp
7.5
2005-06-16 CVE-2005-1970 Local Privileged Command Execution vulnerability in Symantec pcAnywhere
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
local
low complexity
symantec
7.2
2005-06-16 CVE-2005-1967 SQL-Injection vulnerability in ProductCart Ecommerce
Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.
network
low complexity
early-impact
7.5
2005-06-16 CVE-2005-1965 Code Injection vulnerability in Glen Campbell Siteframe
PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter.
network
low complexity
glen-campbell CWE-94
7.5
2005-06-16 CVE-2005-1952 Remote Security vulnerability in Pico Server Pico Server 3.3
Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each ..
network
low complexity
pico-server
7.5
2005-06-16 CVE-2005-1722 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.
local
low complexity
apple
7.2