Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2005-12-20 CVE-2005-4359 SQL-Injection vulnerability in Oodie Odfaq 1.21B/2.1.0
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.
network, low complexity, oodie, 6.4

2005-12-20 CVE-2005-4358 Remote Security vulnerability in PHPbb Group PHPbb 2.0.18
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
network, low complexity, phpbb-group, 5.0

2005-12-20 CVE-2005-4357 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.18
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
network, high complexity, phpbb-group, 2.6

2005-12-20 CVE-2005-4356 SQL-Injection vulnerability in Ustore
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
network, low complexity, xmpie, 7.5

2005-12-20 CVE-2005-4355 Cross-Site Scripting vulnerability in Ustore
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp.
network, xmpie, 4.3

2005-12-20 CVE-2005-4354 Cross-Site Scripting vulnerability in Webglimpse
Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.
4.3

2005-12-20 CVE-2005-4353 SQL-Injection vulnerability in Toenda Software Development Toendacms 0.6.2.1
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, low complexity, toenda-software-development, 7.5

2005-12-20 CVE-2005-4350 Denial of Service vulnerability in SUN Wbem Services A.01.05.11/A.02.00.07
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.
network, low complexity, sun, 7.8

2005-12-19 CVE-2005-4346 SQL-Injection vulnerability in Phpbb Blog
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message.
network, low complexity, anthony-boyd, 5.0

2005-12-19 CVE-2005-4345 Multiple vulnerability in Macromedia Coldfusion 7.0
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
local, low complexity, macromedia, 7.2