Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0810 Multiple vulnerability in Notify Technology Notifylink Enterpriseserver
SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL.
network
low complexity
notify-technology
7.5
2005-05-02 CVE-2005-0809 Multiple vulnerability in Notify Technology Notifylink Enterpriseserver
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.
network
low complexity
notify-technology
7.5
2005-05-02 CVE-2005-0807 Remote Heap Buffer Overflow vulnerability in Massimiliano Montoro Cain & Abel PSK Sniffer
Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.
network
low complexity
oxid
7.5
2005-05-02 CVE-2005-0805 SQL Injection vulnerability in Subdreamer Light 1.0
SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.
network
low complexity
subdreamer
7.5
2005-05-02 CVE-2005-0800 Unspecified vulnerability in Mcnews
PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720.
network
low complexity
mcnews
7.5
2005-05-02 CVE-2005-0781 SQL Injection And Cross-Site Scripting vulnerability in PAFileDB
SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.
network
low complexity
php-arena
7.5
2005-05-02 CVE-2005-0775 Remote vulnerability in Photopost PHP PRO 5.0Rc3
The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator.
network
low complexity
photopost
7.5
2005-05-02 CVE-2005-0769 Buffer Overflow vulnerability in OpenSLP
Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.
network
low complexity
openslp
7.5
2005-05-02 CVE-2005-0764 Unspecified vulnerability in Marc Lehmann Rxvt-Unicode
Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences.
network
low complexity
marc-lehmann
7.5
2005-05-02 CVE-2005-0762 Unspecified vulnerability in Imagemagick
Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
network
low complexity
imagemagick
7.5