Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-05 | CVE-2005-4012 | Unspecified vulnerability in PHP web Statistik 1.4 Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php. network php-web | 4.3 |
| 2005-12-05 | CVE-2005-4011 | SQL Injection vulnerability in Codewalkers Ltwcalendar SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-12-05 | CVE-2005-4010 | SQL Injection vulnerability in KBase Express SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php. | 7.5 |
| 2005-12-05 | CVE-2005-4009 | SQL-Injection vulnerability in PHP Lite Calendar Express 2.0/2.2 Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | 7.5 |
| 2005-12-05 | CVE-2005-4008 | SQL Injection vulnerability in JAX Calendar JAX Calendar 1.34 SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | 7.5 |
| 2005-12-05 | CVE-2005-4005 | SQL Injection vulnerability in PHP Fusion PHP Fusion 6.00.109 SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. | 7.5 |
| 2005-12-05 | CVE-2005-4004 | Cross-Site Scripting vulnerability in InfinetSoftware MyTemplateSite Search.ASP Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. network infinetsoftware | 4.3 |
| 2005-12-05 | CVE-2005-4003 | Cross-Site Scripting vulnerability in Absolute Shopping Package Solutions Shopping Cart 2.1/2.9D Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. | 7.5 |
| 2005-12-05 | CVE-2005-4002 | Remote Security vulnerability in WebEOC WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. | 4.0 |
| 2005-12-05 | CVE-2005-4001 | SQL Injection vulnerability in PHPYellowTM Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. | 7.5 |