Vulnerabilities

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor | Risk |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 2005-09-02 | CVE-2005-2791 | Remote vulnerability in BFCommand & Control Server Manager | BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command. | network | low complexity | bfcommand-and-control-software | 5.0 |
| 2005-09-02 | CVE-2005-2790 | Remote vulnerability in BFCommand & Control Server Manager | BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. | network | low complexity | bfcommand-and-control-software | 7.5 |
| 2005-09-02 | CVE-2005-2789 | Remote vulnerability in BFCommand & Control Server Manager | BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username. | network | low complexity | bfcommand-and-control-software | 7.5 |
| 2005-09-02 | CVE-2005-2788 | SQL Injection vulnerability in Land Down Under | Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php. | network | low complexity | neocrome | 7.5 |
| 2005-09-02 | CVE-2005-2787 | Directory Traversal vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 | comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter. | network | low complexity | alexander-palmo | 5.0 |
| 2005-09-02 | CVE-2005-2786 | Directory Traversal vulnerability in Cosmoshop 8.10.78 | Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | network | low complexity | cosmoshop | 5.0 |
| 2005-09-02 | CVE-2005-2785 | Information Disclosure vulnerability in Cosmoshop 8.10.78 | cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information. | local | low complexity | cosmoshop | 2.1 |
| 2005-09-02 | CVE-2005-2784 | SQL Injection vulnerability in Cosmoshop 8.10.78 | SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors. | network | low complexity | cosmoshop | 7.5 |
| 2005-09-02 | CVE-2005-2783 | Unspecified vulnerability in PHP Fusion PHP Fusion | Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags. | network | | php-fusion | 4.3 |
| 2005-09-02 | CVE-2005-2782 | Remote File Include vulnerability in Autolinks 2.1 | PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs. | network | low complexity | autolinks | 7.5 |