Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-20 CVE-2005-4369 Cross-Site Scripting vulnerability in the Collective Acuity CMS 2.6.2
Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp.
network
the-collective
4.3
4.3
2005-12-20 CVE-2005-4368 Information Exposure vulnerability in Roundcube Webmail
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
network
low complexity
roundcube CWE-200
5.0
5.0
2005-12-20 CVE-2005-4367 Cross-Site Scripting vulnerability in FAD Solutions Drzes HMS 3.2
Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field.
network
fad-solutions
5.8
5.8
2005-12-20 CVE-2005-4366 SQL Injection vulnerability in FAD Solutions Drzes HMS 3.2
Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php.
network
low complexity
fad-solutions
6.4
6.4
2005-12-20 CVE-2005-4365 Cross-Site Scripting vulnerability in Flip 0.9.0.1029
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.
network
flip
4.3
4.3
2005-12-20 CVE-2005-4364 Cross-Site Scripting vulnerability in HOT Banana web Content Management Suite 5.3
Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
network
hot-banana
5.8
5.8
2005-12-20 CVE-2005-4363 Input Validation vulnerability in Komodo CMS 2.1
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
network
komodo
5.8
5.8
2005-12-20 CVE-2005-4362 Input Validation vulnerability in Komodo CMS 2.1
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
network
low complexity
komodo
5.0
5.0
2005-12-20 CVE-2005-4361 Cross-Site Scripting vulnerability in Magnolia Content Management Suite 2.1
Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
network
magnolia
4.3
4.3
2005-12-20 CVE-2005-4360 Unchecked Return Value vulnerability in Microsoft Internet Information Services 5.1
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0".
network
low complexity
microsoft CWE-252
7.8
7.8