Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-14 | CVE-2005-4250 | Directory Traversal vulnerability in Mcgallery PRO 1.0/1.1/2.2 Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter. | 5.0 |
2005-12-14 | CVE-2005-4247 | Cross-Site Scripting vulnerability in Plogger Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 |
2005-12-14 | CVE-2005-4246 | SQL Injection vulnerability in Plogger SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | 7.5 |
2005-12-14 | CVE-2005-4245 | Cross-Site Scripting vulnerability in Snipegallery Snipe Gallery Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
2005-12-14 | CVE-2005-4244 | SQL Injection vulnerability in Snipegallery Snipe Gallery SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | 7.5 |
2005-12-14 | CVE-2005-4241 | Input Validation vulnerability in VCD-DB Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter. network vcd-db | 4.3 |
2005-12-14 | CVE-2005-4240 | Input Validation vulnerability in VCD-DB SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. | 7.5 |
2005-12-14 | CVE-2005-4239 | Cross-Site Scripting vulnerability in PHP JackKnife Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter. network php-jackknife | 4.3 |
2005-12-14 | CVE-2005-4238 | Cross-Site Scripting vulnerability in Mantis View_filters_page.PHP Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. network mantis | 4.3 |
2005-12-14 | CVE-2005-4237 | Cross-Site Scripting vulnerability in MySQL Auction Search Module Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module. network servers-r-us | 4.3 |