Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2005-12-10 | CVE-2005-4143 | SQL Injection vulnerability in Lyris ListManager | 7.5
SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL.
network, low complexity, lyris

2005-12-10 | CVE-2005-4142 | Unspecified vulnerability in Lyris Technologies INC Listmanager | 7.5
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter.
network, low complexity, lyris-technologies-inc

2005-12-09 | CVE-2005-4141 | SQL Injection vulnerability in ASPMForum | 7.5
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.
network, low complexity, aspmforum

2005-12-09 | CVE-2005-4140 | SQL Injection vulnerability in Website Baker 2.5.2/2.6 | 7.5
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
network, low complexity, website-baker

2005-12-09 | CVE-2005-4139 | Input Validation vulnerability in Thwboard Beta 2.8 | 7.5
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
network, low complexity, thwboard

2005-12-09 | CVE-2005-4138 | Input Validation vulnerability in ThWboard | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.
network, thwboard

2005-12-09 | CVE-2005-4137 | Cross-Site Scripting vulnerability in FAD Solutions Drzes HMS 3.2 | 7.5
SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.
network, low complexity, fad-solutions

2005-12-09 | CVE-2005-4136 | Cross-Site Scripting vulnerability in FAD Solutions Drzes HMS 3.2 | 4.3
Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.
network, fad-solutions

2005-12-09 | CVE-2005-4135 | Remote Arbitrary Command Execution vulnerability in Simplebbs 1.0.6/1.0.7/1.1 | 7.5
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.
network, low complexity, simplemedia

2005-12-09 | CVE-2005-4134 | Buffer Overflow vulnerability in Mozilla Firefox Large History File | 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.
network, low complexity, k-meleon-project, mozilla, netscape