Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-03 | CVE-2005-1429 | SQL Injection vulnerability in Abczone.It Wwwguestbook 1.1 SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2005-05-03 | CVE-2005-1428 | File-Upload vulnerability in Uapplication Uphotogallery edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | 7.5 |
2005-05-03 | CVE-2005-1427 | Information Disclosure vulnerability in uPhotoGallery Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | 7.5 |
2005-05-03 | CVE-2005-1422 | Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html. | 7.5 |
2005-05-03 | CVE-2005-1419 | SQL-Injection vulnerability in Ocean12 Technologies Mailing List Manager 1.06 SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. | 7.5 |
2005-05-03 | CVE-2005-1417 | SQL Injection vulnerability in MaxWebPortal Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | 7.5 |
2005-05-03 | CVE-2005-1413 | SQL Injection vulnerability in Envivosoft Envivo CMS 3.54 Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp. | 7.5 |
2005-05-03 | CVE-2005-1412 | Unspecified vulnerability in Ecomm Professional Guestbook 3 SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter. | 7.5 |
2005-05-03 | CVE-2005-1409 | Privilege Escalation vulnerability in PostgreSQL Character Set Conversion PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability." | 7.5 |
2005-05-03 | CVE-2005-1401 | Unspecified vulnerability in Mtp-Target 1.2.2 Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text. | 7.5 |