Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-22 | CVE-2005-4500 | SQL Injection vulnerability in Musicbox 2.3 SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. | 7.5 |
| 2005-12-22 | CVE-2005-3534 | Buffer Errors vulnerability in Wouter Verhelst NBD 2.7.5/2.8.0/2.8.2 Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header. | 7.5 |
| 2005-12-22 | CVE-2005-4498 | Cross-Site Scripting vulnerability in Text-E CMS 1.6.4 Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. network text-e | 4.3 |
| 2005-12-22 | CVE-2005-4497 | Cross-Site Scripting vulnerability in Tangora Portal CMS Action Parameter Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx. network tangora | 4.3 |
| 2005-12-22 | CVE-2005-4496 | Cross-Site Scripting vulnerability in SyntaxCMS Search Query Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. network forum-one | 4.3 |
| 2005-12-22 | CVE-2005-4494 | Cross-Site Scripting vulnerability in Spip 1.8.2 Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3. | 2.6 |
| 2005-12-22 | CVE-2005-4493 | Cross-Site Scripting vulnerability in Speartek 6.0 Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. network speartek | 6.8 |
| 2005-12-22 | CVE-2005-4492 | Cross-SIte Scripting vulnerability in Starphire Technologies SiteSage Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter. network starphire-technologies | 4.3 |
| 2005-12-22 | CVE-2005-4491 | Cross-Site Scripting vulnerability in Sitekit Solutions Sitekit CMS Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. | 4.3 |
| 2005-12-22 | CVE-2005-4490 | Cross-Site Scripting vulnerability in Commercial Interactive Media SCOOP! Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp. network commercial-interactive-media | 4.3 |