Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-14 | CVE-2005-2902 | SQL Injection vulnerability in Class-1 Forum SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file. | 7.5 |
| 2005-09-14 | CVE-2005-2901 | Unspecified vulnerability in CJ Desing Cjweb2Mail 3.0 Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php or (4) emsg parameter to web2mail.php. network cj-desing | 4.3 |
| 2005-09-14 | CVE-2005-2900 | Unspecified vulnerability in CJ Desing Cjlinkout 1.0 Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter. network cj-desing | 4.3 |
| 2005-09-14 | CVE-2005-2899 | Unspecified vulnerability in CJ Design CJ TAG Board 3.0 Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter. network cj-design | 4.3 |
| 2005-09-14 | CVE-2005-2897 | Information Disclosure vulnerability in Stylemotion web News 1.4 WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php. | 5.0 |
| 2005-09-14 | CVE-2005-2896 | SQL Injection vulnerability in Stylemotion web News 1.4 SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php. | 7.5 |
| 2005-09-14 | CVE-2005-2895 | Information Disclosure vulnerability in Pblang 4.65 setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message. | 5.0 |
| 2005-09-14 | CVE-2005-2894 | HTML Injection vulnerability in Pblang 4.65 Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. network pblang | 4.3 |
| 2005-09-14 | CVE-2005-2893 | Remote Security vulnerability in Pblang 4.65 Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login. | 7.5 |
| 2005-09-14 | CVE-2005-2892 | Directory Traversal vulnerability in Pblang 4.65 Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter. | 5.0 |