Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-14 | CVE-2005-2891 | Unspecified vulnerability in Csystems Webarchivex 5.5.0.76 WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods. | 6.4 |
| 2005-09-14 | CVE-2005-2890 | Unspecified vulnerability in Secureol VE2 1.05.1008 SecureOL VE2 1.05.1008 does not properly restrict public access to physical memory, which allows local users to bypass intended restrictions and gain access to the secured environment via direct access to the PhysicalMemory device. | 4.6 |
| 2005-09-14 | CVE-2005-2889 | Security Bypass vulnerability in Checkpoint Connectra NGX R60 Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions. | 7.5 |
| 2005-09-14 | CVE-2005-2888 | SQL-Injection vulnerability in MyBB Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php. | 7.5 |
| 2005-09-14 | CVE-2005-2887 | Information Disclosure vulnerability in Maxdev Md-Pro 1.0.73 MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message. | 5.0 |
| 2005-09-14 | CVE-2005-2886 | Cross-Site Scripting vulnerability in MAXdev MD-Pro Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php. network maxdev | 4.3 |
| 2005-09-14 | CVE-2005-2885 | Remote File Upload vulnerability in Maxdev Md-Pro 1.0.73 The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | 7.5 |
| 2005-09-14 | CVE-2005-2884 | HTML Injection vulnerability in Land Down Under Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event. network neocrome | 4.3 |
| 2005-09-14 | CVE-2005-2882 | Remote Cross-Site Scripting vulnerability in PHPcommunitycalendar 4.0/4.0.1/4.0.3 Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors. network phpcommunitycalendar | 4.3 |
| 2005-09-14 | CVE-2005-2881 | Security Bypass vulnerability in PHPcommunitycalendar 4.0.3 phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. | 7.5 |