Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-16 | CVE-2005-3555 | Input Validation vulnerability in PHPList Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. | 6.5 |
| 2005-11-16 | CVE-2005-3554 | Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | 5.1 |
| 2005-11-16 | CVE-2005-3553 | SQL Injection vulnerability in PHPkit Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | 7.5 |
| 2005-11-16 | CVE-2005-3552 | Cross-Site Scripting vulnerability in PHPkit Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook. | 4.3 |
| 2005-11-16 | CVE-2005-3551 | Information Disclosure vulnerability in Toendacms toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file. | 5.0 |
| 2005-11-16 | CVE-2005-3550 | Directory Traversal vulnerability in toendaCMS Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. | 5.0 |
| 2005-11-16 | CVE-2005-3549 | Remote Security vulnerability in Invision Power Services Invision Board 2.0.1 Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now". | 6.5 |
| 2005-11-16 | CVE-2005-3548 | Path Traversal vulnerability in Invision Power Services Invision Board 2.0.1 Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. | 4.0 |
| 2005-11-16 | CVE-2005-3547 | Cross-Site Scripting vulnerability in Invision Power Services Invision Board 2.1 Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. network invision-power-services | 4.3 |
| 2005-11-16 | CVE-2005-3546 | Local Privilege Escalation vulnerability in F-Secure Anti-Virus and Internet Gatekeeper suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege. | 7.2 |