Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4665 | HTML Injection vulnerability in PunBB BBCode URL Tag Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. network punbb | 4.3 |
2005-12-31 | CVE-2005-4664 | SQL-Injection vulnerability in Ocomon 1.21 SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662. | 5.0 |
2005-12-31 | CVE-2005-4663 | Cross-Site Scripting vulnerability in OcoMon Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network ocomon | 4.3 |
2005-12-31 | CVE-2005-4662 | SQL Injection vulnerability in OcoMon Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. | 5.0 |
2005-12-31 | CVE-2005-4661 | Remote Security vulnerability in Campware.Org Campsite 2.2.2 The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. | 5.0 |
2005-12-31 | CVE-2005-4660 | Unspecified vulnerability in Ipcop Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup. | 1.2 |
2005-12-31 | CVE-2005-4659 | Information Disclosure vulnerability in IPCop Backup Key IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup. | 2.1 |
2005-12-31 | CVE-2005-4658 | Cross-Site Scripting vulnerability in Iisworks Aspknowledgebase Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | 6.8 |
2005-12-31 | CVE-2005-4657 | Authentication Bypass vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01 Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. | 7.5 |
2005-12-31 | CVE-2005-4656 | SQL Injection vulnerability in Triggertg Tclanportal 1.1.3 SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter. | 5.0 |