Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-22 | CVE-2005-3741 | Unspecified vulnerability in Almondsoft Almond Classifieds Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. | 7.5 |
2005-11-22 | CVE-2005-3740 | SQL Injection vulnerability in PHP-Fusion Options.php and Viewforum.php Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php. | 7.5 |
2005-11-22 | CVE-2005-3739 | Remote Security vulnerability in PHP-Fusion Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors. | 5.0 |
2005-11-22 | CVE-2005-3738 | Remote File Include vulnerability in Mambo Open Source globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. | 2.6 |
2005-11-22 | CVE-2005-3737 | Buffer Overflow vulnerability in Inkscape SVG Image Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. | 5.1 |
2005-11-22 | CVE-2005-3736 | Unspecified vulnerability in Coastal Data Management E-Quick Cart Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp. network coastal-data-management | 4.3 |
2005-11-22 | CVE-2005-3735 | SQL Injection vulnerability in e-Quick Cart Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp. | 7.5 |
2005-11-22 | CVE-2005-3734 | Cross-Site Scripting vulnerability in PHPMyFAQ Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. network phpmyfaq | 4.3 |
2005-11-21 | CVE-2005-3733 | Multiple Unspecified vulnerability in Juniper Networks Routers ISAKMP IKE Traffic The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.5 |
2005-11-21 | CVE-2005-2339 | Cross-Site Scripting vulnerability in Msearch Unicode Msearch 1.51U1/1.51U1Beta1/1.52U1 Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network msearch | 4.3 |