Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-11 | CVE-2005-1558 | Security Bypass vulnerability in Neteyes Nexusway 805 The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie. | 7.5 |
| 2005-05-11 | CVE-2005-1517 | Remote Security vulnerability in FWSM for Cisco Catalyst 6500/7600 Series Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs). | 7.5 |
| 2005-05-11 | CVE-2005-1516 | Remote Authentication Bypass vulnerability in Netwin Dmail 3.1A DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. | 7.5 |
| 2005-05-11 | CVE-2005-1512 | Remote Security vulnerability in Pwsphp 1.2.2 The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files. | 7.5 |
| 2005-05-11 | CVE-2005-1511 | Security Bypass vulnerability in Pwsphp 1.2.2 PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie. | 7.5 |
| 2005-05-11 | CVE-2005-1510 | Information Disclosure vulnerability in Pwsphp 1.2.2 PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message. | 7.5 |
| 2005-05-11 | CVE-2005-1509 | SQL Injection vulnerability in Pwsphp 1.2.2 SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-05-11 | CVE-2005-1506 | SQL-Injection vulnerability in CJ Ultra Plus 1.0.3/1.0.4 SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter. | 7.5 |
| 2005-05-11 | CVE-2005-1505 | The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. | 7.5 |
| 2005-05-11 | CVE-2005-1503 | SQL Injection vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php. | 7.5 |