Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-06-08 | CVE-2005-1757 | Remote vulnerability in Novell NetMail Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | 7.5 |
| 2005-06-08 | CVE-2005-1724 | Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1 NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions. | 7.5 |
| 2005-06-08 | CVE-2005-1723 | Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1 LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions. | 7.5 |
| 2005-06-03 | CVE-2005-1872 | Remote Security vulnerability in IBM Websphere Application Server 5.0 Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | 7.5 |
| 2005-06-02 | CVE-2005-1875 | SQL Injection vulnerability in Exhibit Engine List.php Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter. | 7.5 |
| 2005-06-02 | CVE-2005-1839 | SQL-Injection vulnerability in Liberum Help Desk 0.97.3 Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to register.asp. | 7.5 |
| 2005-06-02 | CVE-2005-1824 | Unspecified vulnerability in GNU Mailutils 1.0.6.1.1 The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | 7.5 |
| 2005-06-01 | CVE-2005-1837 | Remote Security vulnerability in Fortinet Firewall Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges. | 7.5 |
| 2005-06-01 | CVE-2005-1834 | SQL-Injection vulnerability in Nextweb %28I%29Site SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | 7.5 |
| 2005-06-01 | CVE-2005-1822 | SQL Injection and Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.0.8 Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. | 7.5 |