Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-19 CVE-2005-4344 Multiple vulnerabilities in Macromedia ColdFusion 7.0
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor the CFOBJECT/CreateObject(Java) setting when it is disabled, which allows local users to create an object despite the specified configuration.
local
low complexity
macromedia
2.1
2005-12-19 CVE-2005-4343 Multiple vulnerabilities in Macromedia ColdFusion 6.0/6.1/7.0
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
network
low complexity
macromedia
5.0
2005-12-19 CVE-2005-4342 Multiple vulnerabilities in Macromedia ColdFusion 6.0/6.1/7.0
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
network
low complexity
macromedia
7.5
2005-12-19 CVE-2005-4341 Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl.
network
low complexity
blackboard
5.0
2005-12-19 CVE-2005-4339 Cross-Site Scripting vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.
network
blackboard
4.3
2005-12-19 CVE-2005-4338 Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
network
low complexity
blackboard
critical
10.0
2005-12-19 CVE-2005-4337 Security Bypass vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
network
low complexity
blackboard
7.5
2005-12-17 CVE-2005-4336 Cross-Site Scripting vulnerability in CourseForum Technologies ProjectForum
Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group.
network
courseforum
4.3
2005-12-17 CVE-2005-4335 Denial-of-Service vulnerability in ProjectForum
ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html.
network
low complexity
courseforum
7.8
2005-12-17 CVE-2005-4334 SQL Injection vulnerability in John Andersson ZixForum 1.12
SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp.
network
low complexity
john-andersson
7.5