Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-17 | CVE-2005-4333 | Cross-Site Scripting vulnerability in Binary Board System Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. network binary-concepts | 4.3 |
| 2005-12-17 | CVE-2005-4332 | JSP Pages Access Validation vulnerability in Cisco Clean Access Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp. | 9.4 |
| 2005-12-17 | CVE-2005-4331 | SQL Injection vulnerability in Ihtml Merchant Ihtml Merchant 2Pro SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters. | 7.5 |
| 2005-12-17 | CVE-2005-4330 | SQL Injection vulnerability in IHTML Merchant Mall SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters. | 7.5 |
| 2005-12-17 | CVE-2005-4329 | SQL Injection vulnerability in PHP Arena PAFileDB Extreme Edition SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter. | 7.5 |
| 2005-12-17 | CVE-2005-4328 | Cross-Site Scripting vulnerability in WebGlimpse Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter. network university-of-arizona | 4.3 |
| 2005-12-17 | CVE-2005-4327 | HTML Injection and Cross-Site Scripting vulnerability in WebCal Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML via the (1) function, (2) year, and (3) date parameters to webcal.cgi, (4) new calendar entries, and (5) notes for entries. network webcal | 4.3 |
| 2005-12-17 | CVE-2005-4326 | Remote Security vulnerability in PowerChute Network Shutdown The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials. | 5.0 |
| 2005-12-17 | CVE-2005-4325 | Remote Security vulnerability in Driverse Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some other potential security problems." | 10.0 |
| 2005-12-17 | CVE-2005-4324 | Unspecified vulnerability in Hitachi Groupmax Mail Smtp 0650/0700 Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format." | 7.8 |