Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-01 | CVE-2005-3955 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php. | 4.3 |
| 2005-12-01 | CVE-2005-3954 | Cross-Site Scripting vulnerability in Blogbuddies 0.3 Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php. network blogbuddies | 4.3 |
| 2005-12-01 | CVE-2005-3953 | SQL Injection vulnerability in Bedeng PSP Bedeng PSP 1.1 SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. | 7.5 |
| 2005-12-01 | CVE-2005-3952 | SQL Injection vulnerability in PHP Labs TOP Auction 1.0 SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. | 7.5 |
| 2005-12-01 | CVE-2005-3951 | SQL-Injection vulnerability in Survey Wizard SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
| 2005-12-01 | CVE-2005-3950 | Remote Denial Of Service vulnerability in NuFW Malformed Packet nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets. | 6.8 |
| 2005-12-01 | CVE-2005-3949 | SQL Injection vulnerability in Webcalendar 1.0.1 Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | 7.5 |
| 2005-12-01 | CVE-2005-3948 | Local File Include vulnerability in PHPAlbum Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. | 5.0 |
| 2005-12-01 | CVE-2005-3946 | Improper Input Validation vulnerability in Opera Browser 8.50 Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. | 5.0 |
| 2005-12-01 | CVE-2005-3945 | Remote Denial of Service vulnerability in Microsoft Windows 2000 and Windows 2003 Server The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. | 7.8 |