|
315411
|
- |
|
incredible_interactive
|
dragonfly_commerce
|
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_products…
|
NVD-CWE-Other
|
CVE-2005-2220
|
2024-08-8 08:15 |
2005-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315412
|
- |
|
incredible_interactive
|
dragonfly_commerce
|
Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesvie…
|
NVD-CWE-Other
|
CVE-2005-2221
|
2024-08-8 08:15 |
2005-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315413
|
- |
|
sun
|
javamail
|
ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@doma…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2005-1753
|
2024-08-8 07:15 |
2005-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315414
|
- |
|
sun
apache_tomcat
|
javamail
apache_tomcat
|
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache d…
|
CWE-200
Information Exposure
|
CVE-2005-1754
|
2024-08-8 07:15 |
2005-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315415
|
- |
|
todd_miller
|
sudo
|
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE a…
|
NVD-CWE-Other
|
CVE-2005-1831
|
2024-08-8 07:15 |
2005-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315416
|
- |
|
solstice
|
solstice_internet_mail_server
|
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remo…
|
CWE-20
Improper Input Validation
|
CVE-2005-1682
|
2024-08-8 07:15 |
2005-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315417
|
- |
|
fishnet
|
fishcart
|
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE:…
|
CWE-89
SQL Injection
|
CVE-2005-1487
|
2024-08-8 07:15 |
2005-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315418
|
- |
|
open_solution
|
quick.cart
|
SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issu…
|
NVD-CWE-Other
|
CVE-2005-1588
|
2024-08-8 07:15 |
2005-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315419
|
- |
|
netiq
|
pssecure
|
Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib…
|
NVD-CWE-Other
|
CVE-2005-1244
|
2024-08-8 07:15 |
2005-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315420
|
- |
|
calendarscript
|
calendarscript
|
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via th…
|
NVD-CWE-Other
|
CVE-2005-1145
|
2024-08-8 07:15 |
2005-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
