Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-07 | CVE-2005-2838 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.2/2.1.3Beta SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
| 2005-09-07 | CVE-2005-2836 | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php. network phorum | 4.3 |
| 2005-09-07 | CVE-2005-2820 | Unspecified vulnerability in Inter7 Sqwebmail 5.0.4 Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". network inter7 | 4.3 |
| 2005-09-07 | CVE-2005-2819 | Permissions, Privileges, and Access Controls vulnerability in Eric Fichot Downfile 1.3 DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php. | 7.5 |
| 2005-09-07 | CVE-2005-2818 | Cross-Site Scripting vulnerability in Eric Fichot Downfile 1.3 Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php. | 4.3 |
| 2005-09-07 | CVE-2005-2817 | Information Disclosure vulnerability in Simple Machines Simple Machines Forum 1.0.5 Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. | 5.0 |
| 2005-09-07 | CVE-2005-2816 | Cross-Site Scripting vulnerability in Greymatter Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. network greymatter | 4.3 |
| 2005-09-07 | CVE-2005-2815 | Denial-Of-Service vulnerability in Flatnuke 2.5.6 print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. | 6.4 |
| 2005-09-07 | CVE-2005-2814 | Cross-Site Scripting vulnerability in Flatnuke 2.5.6 Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php. network flatnuke | 4.3 |
| 2005-09-07 | CVE-2005-2813 | Directory Traversal vulnerability in Flatnuke 2.5.6 Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php. | 5.0 |