Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-15 | CVE-2005-4253 | Cross-Site Scripting vulnerability in Torrential 1.2 Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. network torrential | 4.3 |
2005-12-15 | CVE-2005-4248 | Input Validation vulnerability in Quickpaypro 3.1 Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. network quickpaypro | 4.3 |
2005-12-15 | CVE-2005-4243 | Input Validation vulnerability in Quickpaypro 3.1 Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php. | 7.5 |
2005-12-14 | CVE-2005-1928 | Resource Management Errors vulnerability in Trend Micro Serverprotect Earthagent 5.58 Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak. | 7.8 |
2005-12-14 | CVE-2005-1929 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. | 7.5 |
2005-12-14 | CVE-2005-3360 | Products Local Insecure Permissions vulnerability in Trend Micro Pc-Cillin 2005 12.00Build1244 The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files. | 7.2 |
2005-12-14 | CVE-2005-1930 | Directory Traversal vulnerability in Trend Micro Serverprotect 5.58 Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter. | 5.0 |
2005-12-14 | CVE-2005-4242 | Cross-Site Scripting vulnerability in Turba H3 Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data. network horde | 4.3 |
2005-12-14 | CVE-2005-4252 | Input Validation vulnerability in mcGallery PRO Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters. network mcgallery | 4.3 |
2005-12-14 | CVE-2005-4251 | Input Validation vulnerability in Mcgallery PRO 1.0/1.1/2.2 Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php. | 7.5 |