Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4655 | Unspecified vulnerability in PHP Fusion PHP Fusion 6.00.204 Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>". network php-fusion | 4.3 |
2005-12-31 | CVE-2005-4654 | Remote Security vulnerability in HP Oracle for Openview 8.1.7/9.1.01/9.2 Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. | 6.4 |
2005-12-31 | CVE-2005-4653 | Authentication Bypass vulnerability in AL-Caricatier 1.0/2.5 Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument. | 5.0 |
2005-12-31 | CVE-2005-4652 | Input Validation vulnerability in Phlymail 3.02.01 SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 6.4 |
2005-12-31 | CVE-2005-4651 | SQL-Injection vulnerability in Alstrasoft Epay 2.0 SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | 6.4 |
2005-12-31 | CVE-2005-4649 | Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.2/2.3.1 Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. network advanced-guestbook | 4.3 |
2005-12-31 | CVE-2005-4648 | Denial-Of-Service vulnerability in dbPowerAmp Music Converter Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. | 5.1 |
2005-12-31 | CVE-2005-4647 | SQL Injection vulnerability in Pearl Forums Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. | 7.5 |
2005-12-31 | CVE-2005-4646 | Local File Include vulnerability in Pearl Forums 2.0/2.4 Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability. | 5.0 |
2005-12-31 | CVE-2005-4645 | SQL-Injection vulnerability in 3Cfr SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | 7.5 |