Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0302 SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.
network
low complexity
comersus-open-technologies
7.5
7.5
2005-05-02 CVE-2005-0301 Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.
network
low complexity
comersus-open-technologies
7.5
7.5
2005-05-02 CVE-2005-0282 SQL Injection vulnerability in Mybulletinboard 1.0Rc4
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
network
low complexity
mybulletinboard
7.5
7.5
2005-05-02 CVE-2005-0273 Input Validation vulnerability in All Enthusiast PhotoPost Classifieds
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
network
low complexity
photopost
7.5
7.5
2005-05-02 CVE-2005-0272 Remote Security vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5
ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions.
network
low complexity
photopost
7.5
7.5
2005-05-02 CVE-2005-0267 Unspecified vulnerability in Flatnuke 2.5.1
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
network
low complexity
flatnuke
7.5
7.5
2005-05-02 CVE-2005-0265 Cross-Site Scripting and SQL Injection vulnerability in OWL Intranet Engine 0.7/0.8
Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.
network
low complexity
owl
7.5
7.5
2005-05-02 CVE-2005-0263 Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.
local
low complexity
ibm
7.2
7.2
2005-05-02 CVE-2005-0262 Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.
local
low complexity
ibm
7.2
7.2
2005-05-02 CVE-2005-0250 Local Format String vulnerability in IBM AIX 5.1/5.2/5.3
Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.
local
low complexity
ibm
7.2
7.2