Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-28 | CVE-2005-4548 | SQL Injection vulnerability in Real Web Solution Statistics Counter Service SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2005-12-28 | CVE-2005-4547 | Cross-Site Scripting vulnerability in eggblog Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields. network epic-designs | 4.3 |
| 2005-12-28 | CVE-2005-4546 | Cross-Site Scripting vulnerability in Epic Designs Eggblog Search.PHP search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. | 7.8 |
| 2005-12-28 | CVE-2005-4545 | Cross-Site Scripting vulnerability in ShopCentrik ShopEngine EXPS Parameter Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. network netdirect | 4.3 |
| 2005-12-28 | CVE-2005-4534 | Unspecified vulnerability in Mozilla Bugzilla The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 7.5 |
| 2005-12-28 | CVE-2005-4533 | Local vulnerability in SCPOnly Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered. | 7.5 |
| 2005-12-28 | CVE-2005-4532 | Local vulnerability in SCPOnly scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application. | 7.2 |
| 2005-12-28 | CVE-2005-4530 | HTML Injection vulnerability in Alstrasoft Epay 3.0 Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm. | 5.1 |
| 2005-12-28 | CVE-2005-4529 | Remote Security vulnerability in Chatspot 2.0.0A7 The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors. | 7.5 |
| 2005-12-28 | CVE-2005-4528 | SQL-Injection vulnerability in Chatspot 2.0.0A7 SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |