Vulnerabilities

| Date | CVE | Vulnerability title | Description | Access vector | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2005-12-31 | CVE-2005-2466 | SQL Injection vulnerability in Openbook 1.2.2 | Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | network | low complexity | openbook | 6.4 |
| 2005-12-31 | CVE-2005-2465 | Cross-Site Scripting vulnerability in PC-Experience/Toppe PM.PHP MSG Parameter | Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable. | | | | 5.8 |
| 2005-12-31 | CVE-2005-2464 | Security Bypass vulnerability in Pcxp Toppe CMS Pcxp Toppe CMS 1.15/2 | login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. | network | low complexity | pcxp-toppe-cms | 7.5 |
| 2005-12-31 | CVE-2005-2463 | Input Validation vulnerability in Kayako Liveresponse 2.0 | Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | network | low complexity | kayako | 6.4 |
| 2005-12-31 | CVE-2005-2462 | Input Validation vulnerability in Kayako Liveresponse 2.0 | Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | local | low complexity | kayako | 2.1 |
| 2005-12-31 | CVE-2005-2461 | Input Validation vulnerability in Kayako Liveresponse 2.0 | Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. | network | low complexity | kayako | 6.4 |
| 2005-12-31 | CVE-2005-2460 | Input Validation vulnerability in Kayako Liveresponse 2.0 | Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message. | network | | kayako | 5.8 |
| 2005-12-31 | CVE-2005-2454 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes | IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | local | low complexity | ibm CWE-264 | 4.6 |
| 2005-12-31 | CVE-2005-2344 | Buffer Errors vulnerability in RIM Blackberry Enterprise Server 4.0/4.0Sp1/4.0Sp2 | The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap-based buffer overflow. | network | low complexity | rim CWE-119 | 5.0 |
| 2005-12-31 | CVE-2005-2343 | Denial Of Service vulnerability in RIM products | Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed. | network | high complexity | rim | 2.6 |