Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-05 | CVE-2005-4000 | Cross-Site Scripting vulnerability in SiteBeater News Archive.ASP Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter. network sitebeater | 4.3 |
| 2005-12-05 | CVE-2005-3999 | Cross-Site Scripting vulnerability in Sitebeater MP3 Catalog 2.0.3 Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. network sitebeater | 4.3 |
| 2005-12-05 | CVE-2005-3998 | Cross-Site Scripting vulnerability in Solupress News Search.ASP Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. network solupress | 4.3 |
| 2005-12-05 | CVE-2005-3997 | Information Disclosure vulnerability in Zen Cart Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message. | 2.6 |
| 2005-12-05 | CVE-2005-3996 | SQL Injection vulnerability in Zen-Cart ZEN Cart SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | 5.1 |
| 2005-12-05 | CVE-2005-3995 | Remote Format String vulnerability in Sobexsrv Dosyslog Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands. | 5.1 |
| 2005-12-05 | CVE-2005-3993 | Denial-Of-Service vulnerability in MailEnable Enterprise Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | 7.8 |
| 2005-12-04 | CVE-2005-3992 | Remote Buffer Overflow vulnerability in Wineggdropshell 1.7 Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. | 7.5 |
| 2005-12-04 | CVE-2005-3991 | Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.6 Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php. network phpheaven | 4.3 |
| 2005-12-04 | CVE-2005-3989 | Remote Denial of Service vulnerability in Avaya TN2602AP IP Media Resource 320 Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | 7.8 |