Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-05 | CVE-2005-4022 | Input Validation vulnerability in Gallery Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. network gallery-project | 4.3 |
| 2005-12-05 | CVE-2005-4021 | Input Validation vulnerability in Gallery The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |
| 2005-12-05 | CVE-2005-4020 | SQL-Injection vulnerability in Widget Imprint SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | 7.5 |
| 2005-12-05 | CVE-2005-4019 | SQL Injection vulnerability in Relative Real Estate Systems SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. | 7.5 |
| 2005-12-05 | CVE-2005-4018 | SQL Injection vulnerability in SAMEDIA Landshop SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters. | 7.5 |
| 2005-12-05 | CVE-2005-4017 | property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | 5.0 |
| 2005-12-05 | CVE-2005-4016 | SQL Injection vulnerability in Widget Press Widget Property 1.1.19 SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | 7.5 |
| 2005-12-05 | CVE-2005-4015 | Remote Security vulnerability in PHP web Statistik 1.4 PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php. | 5.0 |
| 2005-12-05 | CVE-2005-4014 | Denial-Of-Service vulnerability in PHP web Statistik 1.4 stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. | 7.8 |
| 2005-12-05 | CVE-2005-4013 | Information Disclosure vulnerability in PHP web Statistik 1.4 PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file. | 5.0 |