Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-20 | CVE-2005-4369 | Cross-Site Scripting vulnerability in the Collective Acuity CMS 2.6.2 Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp. network the-collective | 4.3 |
2005-12-20 | CVE-2005-4368 | Information Exposure vulnerability in Roundcube Webmail roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | 5.0 |
2005-12-20 | CVE-2005-4367 | Cross-Site Scripting vulnerability in FAD Solutions Drzes HMS 3.2 Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. network fad-solutions | 5.8 |
2005-12-20 | CVE-2005-4366 | SQL Injection vulnerability in FAD Solutions Drzes HMS 3.2 Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. | 6.4 |
2005-12-20 | CVE-2005-4365 | Cross-Site Scripting vulnerability in Flip 0.9.0.1029 Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php. network flip | 4.3 |
2005-12-20 | CVE-2005-4364 | Cross-Site Scripting vulnerability in HOT Banana web Content Management Suite 5.3 Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. network hot-banana | 5.8 |
2005-12-20 | CVE-2005-4363 | Input Validation vulnerability in Komodo CMS 2.1 Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. network komodo | 5.8 |
2005-12-20 | CVE-2005-4362 | Input Validation vulnerability in Komodo CMS 2.1 SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 5.0 |
2005-12-20 | CVE-2005-4361 | Cross-Site Scripting vulnerability in Magnolia Content Management Suite 2.1 Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter. network magnolia | 4.3 |
2005-12-20 | CVE-2005-4360 | Unchecked Return Value vulnerability in Microsoft Internet Information Services 5.1 The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". | 7.8 |