Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-31 CVE-2005-4719 SQL-Injection vulnerability in Systems Panel
Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php.
network
low complexity
sysbotz
7.5
2005-12-31 CVE-2005-4718 Unspecified vulnerability in Opera Browser
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.
network
low complexity
opera
5.0
2005-12-31 CVE-2005-4717 Unspecified vulnerability in Microsoft products
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
network
low complexity
microsoft
5.0
2005-12-31 CVE-2005-4716 Denial-Of-Service vulnerability in Hitachi TP1/Server Base
Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes.
network
low complexity
hitachi
5.0
2005-12-31 CVE-2005-4715 SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests.
network
low complexity
francisco-burzi
7.5
2005-12-31 CVE-2005-4714 Unspecified vulnerability in Openvmps 1.3
Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
network
low complexity
openvmps
7.5
2005-12-31 CVE-2005-4713 Denial Of Service vulnerability in PAM-MySQL Code Execution And
Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.
network
low complexity
pam-mysql
5.0
2005-12-31 CVE-2005-4712 Remote Security vulnerability in PHP Handicapper
CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter.
network
low complexity
php-handicapper
5.0
2005-12-31 CVE-2005-4711 SQL-Injection vulnerability in Neocrome Land Down Under
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header.
network
neocrome
CWE-89
6.8
2005-12-31 CVE-2005-4710 Products Remote Unauthorized Access vulnerability in Autodesk
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
local
low complexity
autodesk
4.6