Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-11 | CVE-2005-1497 | Information Disclosure vulnerability in Mywebland Mybloggie 2.1.1 index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message. | 5.0 |
2005-05-11 | CVE-2005-1496 | Privilege Escalation vulnerability in Oracle Application Server and Oracle10G The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | 4.6 |
2005-05-11 | CVE-2005-1494 | Cross-Site Scripting vulnerability in MegaBook Admin.CGI EntryID Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter. network megabook | 4.3 |
2005-05-11 | CVE-2005-1493 | Directory Traversal vulnerability in Dead Pirate Software Simplecam 1.2 Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL. | 5.0 |
2005-05-11 | CVE-2005-1491 | Local Security vulnerability in Mail Server Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html. | 4.6 |
2005-05-11 | CVE-2005-1489 | Remote Security vulnerability in Mail Server Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html. | 5.0 |
2005-05-11 | CVE-2005-1486 | Cross-Site Scripting vulnerability in Fishnet Fishcart 3.1 Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. | 5.0 |
2005-05-11 | CVE-2005-1485 | Information Disclosure vulnerability in Kmint21 Software Golden FTP Server 2.52 Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message. | 5.0 |
2005-05-11 | CVE-2005-1484 | Directory Traversal vulnerability in Golden FTP Server Pro Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command. | 5.0 |
2005-05-11 | CVE-2005-1483 | Remote vulnerability in Interspire Articlelive 2005 Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter. network interspire | 4.3 |