Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2005-05-02 CVE-2005-0743 Remote Arbitrary PHP File Upload vulnerability in Xoops Custom Avatar
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.
network, low complexity, xoops, 7.5

2005-05-02 CVE-2005-0737 Remote Buffer Overflow vulnerability in Yahoo! Messenger Offline Mode Status
Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode.
network, low complexity, yahoo, 7.5

2005-05-02 CVE-2005-0729 Remote Security vulnerability in XPand Rally 1.0/1.1
Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message.
network, low complexity, techland, 7.5

2005-05-02 CVE-2005-0726 SQL-Injection vulnerability in Ubbcentral Ubb.Threads 6.0
SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.
network, low complexity, ubbcentral, 7.5

2005-05-02 CVE-2005-0721 Remote Security vulnerability in Experience2
PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code.
network, low complexity, gamearena, 7.5

2005-05-02 CVE-2005-0707 Buffer Overflow vulnerability in Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.
local, low complexity, ipswitch, 7.2

2005-05-02 CVE-2005-0706 Matches Buffer Overflow vulnerability in Grip CDDB Response
Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
network, low complexity, grip, 7.5

2005-05-02 CVE-2005-0679 Code Injection vulnerability in Stadtaus Tell A Friend Script
PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
network, low complexity, stadtaus, CWE-94, 7.5

2005-05-02 CVE-2005-0678 Remote Security vulnerability in Form Mail Script
PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code.
network, low complexity, stadtaus, 7.5

2005-05-02 CVE-2005-0672 Remote vulnerability in Ca3DE
Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference.
network, low complexity, ca3de, 7.5