Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-03 | CVE-2005-3966 | Cross-Site Scripting vulnerability in Java Search Engine Java Search Engine 0.9.34 Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. network java-search-engine | 4.3 |
2005-12-02 | CVE-2005-3964 | Buffer Overflow vulnerability in Integrated Computer Solutions Openmotif 2.2.3 Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c. | 7.5 |
2005-12-02 | CVE-2005-3963 | SQL Injection vulnerability in Dotclear 1.2.1/1.2.2 SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie. | 7.5 |
2005-12-01 | CVE-2005-3962 | Numeric Errors vulnerability in Perl 5.8.6/5.9.2 Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. | 4.6 |
2005-12-01 | CVE-2005-3961 | File Corruption vulnerability in Webcalendar 1.0.1 export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | 5.0 |
2005-12-01 | CVE-2005-3960 | Remote Denial of Service vulnerability in Kadu Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. | 7.8 |
2005-12-01 | CVE-2005-3959 | Cross-Site Scripting vulnerability in Freewebstat 1.0Rev37 Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php. network freewebstat | 4.3 |
2005-12-01 | CVE-2005-3958 | SQL Injection vulnerability in Entergal MX Entergal MX 2.0 SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter. | 7.5 |
2005-12-01 | CVE-2005-3957 | Trackback vulnerability in Dotclear 1.2.1 Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors. | 10.0 |
2005-12-01 | CVE-2005-3956 | SQL Injection vulnerability in Dmanews 0.904/0.91 Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action. | 7.5 |