Vulnerabilities

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2005-12-03 | CVE-2005-3977 | Cross-Site Scripting vulnerability in Qualityebiz Qualityppc 1553 | Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. | network, qualityebiz | 4.3 |
| 2005-12-03 | CVE-2005-3976 | Software SQL Injection vulnerability in DUware | SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter. | network, low complexity, duware | 7.5 |
| 2005-12-03 | CVE-2005-3975 | HTML Injection vulnerability in Drupal Image Upload | Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. | network, low complexity, drupal | 4.0 |
| 2005-12-03 | CVE-2005-3974 | Unspecified vulnerability in Drupal | Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. | network, low complexity, drupal | 6.4 |
| 2005-12-03 | CVE-2005-3973 | HTML Injection vulnerability in Drupal Submitted Content | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist. | network, drupal | 4.3 |
| 2005-12-03 | CVE-2005-3972 | Cross-Site Scripting vulnerability in Extreme Corporate Extremesearch.PHP | Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | | 4.3 |
| 2005-12-03 | CVE-2005-3971 | Applications Login Form Cross-Site Scripting vulnerability in Citrix Metaframe Secure Access Manager and Nfuse | Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. | network, citrix | 4.3 |
| 2005-12-03 | CVE-2005-3970 | Input Validation vulnerability in MXChange | Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | network, mxchange | 4.3 |
| 2005-12-03 | CVE-2005-3969 | Input Validation vulnerability in MXChange | SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | network, low complexity, mxchange | 7.5 |
| 2005-12-03 | CVE-2005-3967 | Cross-Site Scripting vulnerability in Atlassian Confluence 2.0.1Build321 | Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. | network, atlassian | 4.3 |