Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-27 | CVE-2005-3334 | Cross-Site Scripting vulnerability in Flyspray 0.9.7/0.9.8 Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters. network flyspray | 4.3 |
2005-10-27 | CVE-2005-3333 | SQL Injection vulnerability in Ebase Ebaseweb 3.0 SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2005-10-27 | CVE-2005-3332 | Remote File Include vulnerability in Belchior Foundry Vcard 2.9 PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter. | 7.5 |
2005-10-27 | CVE-2005-3331 | Unspecified vulnerability in Rogers Software Source Mgdiff Patch Viewer 1.0 viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-10-27 | CVE-2005-3330 | Improper Input Validation vulnerability in Snoopy 1.2 The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function. | 7.5 |
2005-10-27 | CVE-2005-3329 | Cross-Site Scripting vulnerability in RSA ACE Agent Image Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation. network rsa | 4.3 |
2005-10-27 | CVE-2005-3328 | Unspecified vulnerability in Punbb PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | 7.5 |
2005-10-27 | CVE-2005-3327 | Authentication Bypass vulnerability in Network Appliance iSCSI Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity. | 7.5 |
2005-10-27 | CVE-2005-3326 | SQL Injection vulnerability in MyBulletinBoard Usercp.PHP SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. | 7.5 |
2005-10-27 | CVE-2005-3325 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. | 7.5 |