Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4644 | HTML Injection vulnerability in Edgewall Software Trac 0.9.2 Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. network edgewall-software | 4.3 |
| 2005-12-31 | CVE-2005-4643 | SQL Injection vulnerability in Antharia OnContent // CMS SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
| 2005-12-31 | CVE-2005-4642 | Cross-Site Scripting vulnerability in Hydrobb 1.0.0Beta2 Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php. network hydrobb | 4.3 |
| 2005-12-31 | CVE-2005-4641 | SQL-Injection vulnerability in Eazycms 2.0 SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | 7.5 |
| 2005-12-31 | CVE-2005-4640 | SQL-Injection vulnerability in Poll Software SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | 7.5 |
| 2005-12-31 | CVE-2005-4639 | Local Buffer Overflow vulnerability in Linux Kernel DVB Driver Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array". | 4.6 |
| 2005-12-31 | CVE-2005-4638 | Remote Security vulnerability in SupportSuite index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module. | 5.0 |
| 2005-12-31 | CVE-2005-4637 | Cross-Site Scripting vulnerability in Kayako SupportSuite Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. network kayako | 4.3 |
| 2005-12-31 | CVE-2005-4636 | Local Security vulnerability in Openoffice OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. | 4.6 |
| 2005-12-31 | CVE-2005-4634 | SQL-Injection vulnerability in Activecampaign Supporttrio 1.4 SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |