Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-04-24 CVE-2005-1303 Remote Security vulnerability in Citat.Pl
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
network
low complexity
citat-pl
7.5

2005-04-24 CVE-2005-1294 Local Security vulnerability in Affix
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
local
low complexity
nokia
7.2

2005-04-23 CVE-2005-1310 SQL-Injection vulnerability in Eaden Mckee Bblog 0.7.4
SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
network
low complexity
eaden-mckee
7.5

2005-04-23 CVE-2005-1291 SQL-Injection vulnerability in Asp Cart
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
network
low complexity
cartwiz
7.5

2005-04-23 CVE-2005-1287 SQL-Injection vulnerability in Bk Forum
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
network
low complexity
bk-dev
7.5

2005-04-22 CVE-2005-1283 Directory Traversal vulnerability in Argosoft Mail Server 1.8.7.6
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.
network
low complexity
argosoft
7.5

2005-04-22 CVE-2005-0754 Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
network
low complexity
kde conectiva gentoo redhat ubuntu
7.5

2005-04-20 CVE-2005-1241 Unspecified vulnerability in Powertech Powerlock Networksecurity 4.7.1
Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
network
low complexity
powertech
7.5

2005-04-20 CVE-2005-1240 Directory Traversal vulnerability in Secure Net
Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
network
low complexity
castlehill
7.5

2005-04-18 CVE-2005-1107 Unspecified vulnerability in Mcafee Internet Security Suite 2005
McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files.
local
low complexity
mcafee
7.2