Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-06 | CVE-2005-3511 | Cross-Site Scripting vulnerability in Spymac web OS 4.0 Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action. | 4.3 |
| 2005-11-06 | CVE-2005-3509 | SQL Injection vulnerability in Jportal web Portal 2.2.1/2.3.1 Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php. | 7.5 |
| 2005-11-06 | CVE-2005-3508 | SQL Injection vulnerability in Galerie 2.4 SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter. | 7.5 |
| 2005-11-06 | CVE-2005-3507 | Directory Traversal vulnerability in CutePHP CuteNews Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php. | 5.0 |
| 2005-11-06 | CVE-2005-3124 | Unspecified vulnerability in Acme Labs Thttpd 2.21B/2.23B1 syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. | 2.1 |
| 2005-11-05 | CVE-2005-3506 | Cross-Site Scripting vulnerability in Sambar Server Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field. network sambar | 4.3 |
| 2005-11-05 | CVE-2005-3505 | HTML Injection vulnerability in Cpanel 10.2.0R82/10.6.0R137 Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer. network cpanel | 4.3 |
| 2005-11-05 | CVE-2005-3504 | Local Buffer Overflow vulnerability in IBM AIX SWCONS Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code. | 7.5 |
| 2005-11-05 | CVE-2005-3503 | Privilege Escalation vulnerability in CHFN User Modification chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges. | 7.2 |
| 2005-11-05 | CVE-2005-3502 | Information Disclosure vulnerability in Cerberus Helpdesk attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. | 5.0 |