Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-16 | CVE-2005-3544 | Unspecified vulnerability in XMB Forum XMB 1.9.3 Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network xmb-forum | 4.3 |
2005-11-16 | CVE-2005-3543 | SQL Injection vulnerability in Phorum SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | 6.8 |
2005-11-16 | CVE-2005-3344 | Unspecified vulnerability in Horde 3.0.4 The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | 10.0 |
2005-11-16 | CVE-2005-2659 | Buffer Overflow vulnerability in JED Wing CHM LIB 0.35 Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. | 10.0 |
2005-11-07 | CVE-2005-3524 | Remote Buffer Overflow vulnerability in Linux-Ftpd-Ssl 0.17 Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. | 10.0 |
2005-11-06 | CVE-2005-3522 | Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 4.0.2 Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. network adventnet | 4.3 |
2005-11-06 | CVE-2005-3521 | SQL Injection vulnerability in E107 0.617/0.6171/0.6172 SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | 7.5 |
2005-11-06 | CVE-2005-3520 | Cross-Site Scripting vulnerability in MySource Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php. network mysource | 4.3 |
2005-11-06 | CVE-2005-3519 | Unspecified vulnerability in Mysource 2.14.0/2.14.0Rc2 Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. | 7.5 |
2005-11-06 | CVE-2005-3518 | Unspecified vulnerability in Punbb 1.2.7/1.2.8 SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. | 7.5 |