Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2005-12-21 | CVE-2005-4430 | SQL Injection vulnerability in LogicBill | SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | network, low complexity, logicnow | 7.5 |
| 2005-12-21 | CVE-2005-4429 | SQL Injection vulnerability in Cs-Cart 1.3.0 | SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. | network, low complexity, cs-cart | 7.5 |
| 2005-12-21 | CVE-2005-4348 | Resource Management Errors vulnerability in Fetchmail | fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. | network, low complexity, fetchmail, CWE-399 | 7.8 |
| 2005-12-20 | CVE-2005-4428 | Input Validation vulnerability in Cerberus Helpdesk 2.649 | Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. | network, cerberus | 4.3 |
| 2005-12-20 | CVE-2005-4427 | Input Validation vulnerability in Cerberus Helpdesk 2.649 | Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. | network, low complexity, cerberus | 7.5 |
| 2005-12-20 | CVE-2005-4426 | HTML Injection vulnerability in YaBB Image Upload | Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. | network, low complexity, yabb | 4.0 |
| 2005-12-20 | CVE-2005-4425 | Denial of Service vulnerability in Kerio WinRoute Firewall RTSP Stream | Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. | network, low complexity, kerio | 7.8 |
| 2005-12-20 | CVE-2005-4424 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 | Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. | network, low complexity, phpkit | 6.5 |
| 2005-12-20 | CVE-2005-4423 | | Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell." | network, low complexity, phpfm | 6.5 |
| 2005-12-20 | CVE-2005-4422 | Remote File Upload vulnerability in Toenda Software Development Toendacms 0.6.1 | Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums. | network, low complexity, toenda-software-development | 6.5 |