Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2005-12-20 CVE-2005-4421 Unspecified vulnerability in Dev-Editor
Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
network, low complexity, dev-editor, 7.5

2005-12-20 CVE-2005-4420 Input Validation vulnerability in Quicksquare Development Honeycomb Archive Enterprise 3.0
Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.
4.3

2005-12-20 CVE-2005-4419 Input Validation vulnerability in Quick Square Development Honeycomb Archive
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters.
network, low complexity, quicksquare-development, 7.5

2005-12-20 CVE-2005-4417 Remote Security vulnerability in Blue Usb-130-250 Software
The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.
network, low complexity, anycom belkin widcomm, 6.4

2005-12-20 CVE-2005-4416 Input Validation vulnerability in TML 0.5
SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, low complexity, tml, 7.5

2005-12-20 CVE-2005-4415 Input Validation vulnerability in TML 0.5
Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.
network, tml, 4.3

2005-12-20 CVE-2005-4414 Remote Security vulnerability in Open LAB Teamwork Alpha1.2/Alpha1.4/Alpha1.6
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."
network, low complexity, open-lab, critical, 10.0

2005-12-20 CVE-2005-4413 HTML Injection vulnerability in IBM Websphere Application Server 6.0
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.
network, ibm, 4.3

2005-12-20 CVE-2005-4412 Local Security vulnerability in Citrix Program Neighborhood Client 9.1
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
local, low complexity, citrix, 2.1

2005-12-20 CVE-2005-4411 Remote Mailbox Name Service Buffer Overflow vulnerability in David Harris Mercury Mail Transport System 4.01B
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
network, low complexity, david-harris, 7.5