Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-20 | CVE-2005-2983 | SQL Injection vulnerability in Oracle Reports 1.00 SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | 7.5 |
2005-09-20 | CVE-2005-2982 | Cross-Site Scripting vulnerability in Compaq Compaqhttpserver 2.1 Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. network compaq | 4.3 |
2005-09-20 | CVE-2005-2981 | Cross-Site Scripting vulnerability in Orionserver Orion Application Server 1.3.8/1.4.5 Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | 4.3 |
2005-09-16 | CVE-2005-2957 | Remote Buffer Overflow vulnerability in Avira Desktop 1.00.00.68 Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive. | 7.5 |
2005-09-16 | CVE-2005-2956 | Remote Information Disclosure vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files. | 5.0 |
2005-09-16 | CVE-2005-2955 | Local Security vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. | 4.6 |
2005-09-16 | CVE-2005-2954 | SQL Injection vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field. | 7.5 |
2005-09-16 | CVE-2005-2953 | Cross-Site Scripting vulnerability in Miva Merchant 5.0 Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter. network miva | 4.3 |
2005-09-16 | CVE-2005-2952 | Remote Directory Traversal vulnerability in Subscribe Me Pro S.PL Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-09-16 | CVE-2005-2951 | Directory Traversal vulnerability in Azerbaijan Development Group Azdgdating 2.1.3 Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement. | 7.5 |