Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-05-11 CVE-2005-1501 Information Disclosure vulnerability in MidiCart PHP Shopping Cart
MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.
network
low complexity
midicart-software
7.5
2005-05-11 CVE-2005-1500 SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.3
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, (4) the month_no or (5) year parameter in viewmonth mode, or (6) the post_id parameter in viewid mode to index.php.
network
low complexity
mywebland CWE-89
7.5
2005-05-11 CVE-2005-1499 Input Validation vulnerability in Mybloggie 2.1.1/2.1.2
delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.
network
low complexity
mywebland
7.5
2005-05-11 CVE-2005-1495 Buffer Overflow vulnerability in Oracle Application Server, Oracle10G and Oracle9I
Oracle Database 9i and 10g disable Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.
network
low complexity
oracle
7.5
2005-05-11 CVE-2005-1482 Remote vulnerability in Interspire Articlelive 2005
ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.
network
low complexity
interspire
7.5
2005-05-11 CVE-2005-1481 SQL-Injection vulnerability in Aaronoutpost ASP Inline Corporate Calendar 3
Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp.
network
low complexity
aaronoutpost
7.5
2005-05-11 CVE-2005-1479 SQL Injection vulnerability in JGS-Portal ID Variable
SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
jgs-xa
7.5
2005-05-11 CVE-2005-1478 Remote Format String vulnerability in Netwin Dmail 3.1A/3.1B
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
network
low complexity
netwin
7.5
2005-05-11 CVE-2005-1263 Local Buffer Overflow vulnerability in Linux Kernel ELF Core Dump
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
local
low complexity
linux
7.2
2005-05-11 CVE-2005-1261 Remote URI Handling Buffer Overflow vulnerability in Gaim
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
network
low complexity
rob-flynn
7.5