Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-08-01 CVE-2005-2405 Improper Input Validation vulnerability in Opera Browser 8.01
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
network
low complexity
opera CWE-20
5.0
2005-07-27 CVE-2005-2404 SQL Injection vulnerability in Sendcard 3.2.3
SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
sendcard
7.5
2005-07-27 CVE-2005-2403 Unspecified vulnerability in Realchat 3.5.1B
The login protocol in RealChat 3.5.1b does not use authentication, which allows remote attackers to log on as other users by sniffing the beginning of a chat session and replaying it via a modified username.
network
low complexity
realchat
5.0
2005-07-27 CVE-2005-2402 Cross-Site Scripting vulnerability in PHPsitesearch 1.7.7D
Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter.
network
phpsitesearch
4.3
2005-07-27 CVE-2005-2401 Unspecified vulnerability in PHP Fusion PHP Fusion
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
network
low complexity
php-fusion
5.0
2005-07-27 CVE-2005-2400 Authentication Bypass vulnerability in PHPfinance 0.3
The inc.login.php scripts in PHPFinance 0.3 allow remote attackers to bypass the login and gain privileges.
network
low complexity
phpfinance
7.5
2005-07-27 CVE-2005-2399 SQL Injection vulnerability in PHP Surveyor PHP Surveyor 0.98
PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php.
network
low complexity
php-surveyor
7.5
2005-07-27 CVE-2005-2398 SQL Injection vulnerability in PHP Surveyor PHP Surveyor 0.98
Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allow remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.
network
low complexity
php-surveyor
7.5
2005-07-27 CVE-2005-2397 Cross-Site Scripting vulnerability in GNU PHPbook 1.46
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.
network
gnu
4.3
2005-07-27 CVE-2005-2396 Remote Cross-Site Scripting vulnerability in MediaWiki
Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.
network
mediawiki
4.3