Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4632 | SQL Injection vulnerability in Vote PRO Vote PRO SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | 7.5 |
| 2005-12-31 | CVE-2005-4631 | SQL-Injection vulnerability in Zina SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
| 2005-12-31 | CVE-2005-4630 | SQL-Injection vulnerability in Clientexec 2.3 SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters. | 7.5 |
| 2005-12-31 | CVE-2005-4629 | SQL-Injection vulnerability in Smbcms 2.1 SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | 7.5 |
| 2005-12-31 | CVE-2005-4628 | SQL-Injection vulnerability in Helpdeskpoint SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
| 2005-12-31 | CVE-2005-4627 | Cross-Site Scripting vulnerability in GMailSite Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | 4.3 |
| 2005-12-31 | CVE-2005-4626 | SQL-Injection vulnerability in Recruitment Software The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request. | 5.0 |
| 2005-12-31 | CVE-2005-4625 | Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999. | 7.1 |
| 2005-12-31 | CVE-2005-4624 | Remote Denial of Service vulnerability in PTnet Ircd 1.5/1.6 The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users. | 5.0 |
| 2005-12-31 | CVE-2005-4623 | Input Validation vulnerability in Efilego 3.01 upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name. | 5.0 |