Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-15 CVE-2005-4263 SQL Injection vulnerability in Envolution
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.
network
low complexity
envolution CWE-89
7.5
2005-12-15 CVE-2005-4262 Input Validation vulnerability in Envolution
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter.
network
envolution
4.3
2005-12-15 CVE-2005-4261 Perl Security vulnerability in Positive Software Corporation CP+
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.
network
low complexity
positive-software
7.8
2005-12-15 CVE-2005-4260 Unspecified vulnerability in Francisco Burzi PHP-Nuke
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers.
network
francisco-burzi
4.3
2005-12-15 CVE-2005-4259 SQL Injection vulnerability in Aspbb 0.4
Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp.
network
low complexity
aspbb
7.5
2005-12-15 CVE-2005-4258 Cisco Catalyst Switches LanD Packet Denial Of Service vulnerability in Multiple
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD).
network
low complexity
cisco
7.8
2005-12-15 CVE-2005-4257 Denial Of Service vulnerability in Multiple Linksys Routers LanD Packet
Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND).
network
low complexity
linksys
7.8
2005-12-15 CVE-2005-4256 Cross-Site Scripting vulnerability in Asp-Dev XM Forum RC3
Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter.
network
asp-dev
4.3
2005-12-15 CVE-2005-4255 Cross-Site Scripting vulnerability in WikkaWiki
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
network
wikkawiki
4.3
2005-12-15 CVE-2005-4254 SQL Injection vulnerability in Dreamlevels Dream Poll 3.0Final
SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
dreamlevels
7.5