Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-20 | CVE-2005-4379 | Cross-Site Scripting vulnerability in Bitweaver Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php. network bitweaver | 4.3 |
| 2005-12-20 | CVE-2005-4378 | Input Validation vulnerability in Baseline CMS SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter. | 7.5 |
| 2005-12-20 | CVE-2005-4377 | Cross-Site Scripting vulnerability in Baseline Cms Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters. network nma | 4.3 |
| 2005-12-20 | CVE-2005-4376 | Denial-Of-Service vulnerability in BOX UK Amaxus 3 Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter. | 5.0 |
| 2005-12-20 | CVE-2005-4375 | Cross-Site Scripting vulnerability in Box UK Amaxus CMS Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. network box-uk | 4.3 |
| 2005-12-20 | CVE-2005-4374 | Cross-Site Scripting vulnerability in Allinta CMS Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp. network allinta | 4.3 |
| 2005-12-20 | CVE-2005-4373 | Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | 5.0 |
| 2005-12-20 | CVE-2005-4372 | Cross-Site Scripting vulnerability in Adaptive Website Framework Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. network liquid-bytes-technologies | 4.3 |
| 2005-12-20 | CVE-2005-4371 | Input Validation vulnerability in Acidcat CMS Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb. | 5.0 |
| 2005-12-20 | CVE-2005-4370 | Input Validation vulnerability in Acidcat CMS SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp. | 7.5 |