Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2005-05-02 | CVE-2005-1288 | Remote Security vulnerability in ACS Blog | inc_login_check.asp in ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. | network, low complexity, asp-press, 7.5 |
| 2005-05-02 | CVE-2005-1284 | Unspecified vulnerability in Argosoft Mail Server 1.8.7.6 | The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | network, low complexity, argosoft, 7.5 |
| 2005-05-02 | CVE-2005-1238 | Remote Security vulnerability in Iseries As 400 | By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | network, low complexity, ibm, 7.5 |
| 2005-05-02 | CVE-2005-1237 | SQL Injection vulnerability in FlexPHPNews News.PHP | SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | network, low complexity, china-on-site, 7.5 |
| 2005-05-02 | CVE-2005-1236 | SQL Injection vulnerability in Duware Duportal 3.1.2/3.1.2Sql | Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224. | network, low complexity, duware, 7.5 |
| 2005-05-02 | CVE-2005-1232 | Remote Security vulnerability in SUN Java System web Proxy Server 3.6 | Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. | network, low complexity, sun, 7.5 |
| 2005-05-02 | CVE-2005-1226 | Information Disclosure vulnerability in Coppermine Photo Gallery 1.3.2 | Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | network, low complexity, coppermine, 7.5 |
| 2005-05-02 | CVE-2005-1225 | SQL-Injection vulnerability in Coppermine Photo Gallery 1.3.2 | SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | network, low complexity, coppermine, 7.5 |
| 2005-05-02 | CVE-2005-1224 | SQL Injection vulnerability in Duware Duportal 3.4/Pro3.4/Sql3.4 | Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp, (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. | network, low complexity, duware, 7.5 |
| 2005-05-02 | CVE-2005-1223 | SQL-Injection vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01 | Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | network, low complexity, ocean12-technologies, 7.5 |