Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-03 | CVE-2005-1398 | Improper Input Validation vulnerability in PHPcart 3.2/3.4/4.6.4: phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. | 5.0 |
2005-05-03 | CVE-2005-1393 | Unspecified vulnerability in Esri Arcinfo Workstation 9.0: Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery. | 4.6 |
2005-05-03 | CVE-2005-1392 | Unspecified vulnerability in PHPmyadmin 2.6.2: The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. | 4.6 |
2005-05-03 | CVE-2005-1388 | Cross-Site Scripting vulnerability in Survivor 0.9.5A: Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-03 | CVE-2005-1386 | Information Disclosure vulnerability in PHP-Nuke: PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message. | 5.0 |
2005-05-03 | CVE-2005-1382 | File Corruption vulnerability in Oracle Application Server 9i Webcache Arbitrary: The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter. | 5.0 |
2005-05-03 | CVE-2005-1381 | Cross-Site Scripting vulnerability in Oracle Application Server 9i Webcache Cache_dump_file: Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter. | 6.8 |
2005-05-03 | CVE-2005-1380 | Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1: Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action. | 6.8 |
2005-05-03 | CVE-2005-1379 | Unspecified vulnerability in Mandrakesoft Mandrake Lam-Runtime 7.0.6.2Mdk: The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges. | 4.6 |
2005-05-03 | CVE-2005-1374 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1: Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. | 6.8 |