Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-05-03 CVE-2005-1397 SQL Injection vulnerability in PHP-Calendar Search.PHP
SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
php-calendar
7.5
2005-05-03 CVE-2005-1391 Remote Buffer Overflow vulnerability in Apsis Pound 1.8.2
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.
network
low complexity
apsis
7.5
2005-05-03 CVE-2005-1387 Unspecified vulnerability in Kristofer Szymanski Cocktail 3.5.4
Cocktail 3.5.4 and possibly earlier on Mac OS X passes the administrative password to sudo on the command line in cleartext, which allows local users to gain sensitive information by listing running processes.
local
low complexity
kristofer-szymanski
7.2
2005-05-03 CVE-2005-1384 SQL Injection vulnerability in PHPcoin 1.2/1.2.1/1.2.1B
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
network
low complexity
coinsoft-technologies
7.5
2005-05-03 CVE-2005-1383 Unspecified vulnerability in Oracle Application Server
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.
network
low complexity
oracle
7.5
2005-05-03 CVE-2005-1378 SQL Injection vulnerability in Notes Module for PHPBB
SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors.
network
low complexity
oxpus
7.5
2005-05-03 CVE-2005-1377 Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.
network
low complexity
claroline
7.5
2005-05-03 CVE-2005-1376 Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1
Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.
network
low complexity
claroline
7.5
2005-05-03 CVE-2005-1375 Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
network
low complexity
claroline
7.5
2005-05-03 CVE-2005-1373 SQL Injection vulnerability in Dream4 Koobi CMS 4.2.3
Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.
network
low complexity
dream4
7.5