Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-14 | CVE-2005-4236 | Cross-Site Scripting vulnerability in CKGold Search.PHP Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters. network cartkeeper | 4.3 |
| 2005-12-14 | CVE-2005-4235 | Cross-Site Scripting vulnerability in WHMCompleteSolution Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters. network whmcompletesolution | 4.3 |
| 2005-12-14 | CVE-2005-4234 | SQL Injection vulnerability in EncapsGallery Gallery.PHP SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4233 | SQL Injection vulnerability in PHP Web Scripts Ad Manager Pro Advertiser_statistic.PHP SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4231 | Input Validation vulnerability in Link Up Gold Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php. network php-web-scripts | 4.3 |
| 2005-12-14 | CVE-2005-4230 | Input Validation vulnerability in Link Up Gold SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4229 | Cross-Site Scripting vulnerability in EveryAuction Auction.PL Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. network everyauction | 4.3 |
| 2005-12-14 | CVE-2005-4228 | SQL Injection vulnerability in PHPwebgallery Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. | 7.5 |
| 2005-12-14 | CVE-2005-4227 | Input Validation vulnerability in DCP-Portal Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. | 7.5 |
| 2005-12-14 | CVE-2005-4226 | SQL-Injection vulnerability in PhpWebThings Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. | 7.5 |