Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-07-13 | CVE-2005-2258 | Unspecified vulnerability in Squitosoft Squito Gallery 1.33: PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter. | 7.5 |
2005-07-13 | CVE-2005-2257 | Remote Security vulnerability in PHPslash 0.8.0: The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. | 10.0 |
2005-07-13 | CVE-2005-2256 | Directory Traversal vulnerability in PHPPGAdmin Login Form: Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter. | 5.0 |
2005-07-13 | CVE-2005-2255 | Directory Traversal vulnerability in Gianluca Baldo PHPauction 2.5: Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php. | 6.4 |
2005-07-13 | CVE-2005-2254 | Cross-Site Scripting vulnerability in Gianluca Baldo PHPauction 2.5: Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. | 4.3 |
2005-07-13 | CVE-2005-2253 | SQL-Injection vulnerability in Gianluca Baldo PHPauction 2.5: SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php. | 7.5 |
2005-07-13 | CVE-2005-2252 | Security Bypass vulnerability in Gianluca Baldo PHPauction 2.5: PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. | 7.5 |
2005-07-13 | CVE-2005-2251 | Unspecified vulnerability in Secure Reality PHPsecurepages: PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468. | 7.5 |
2005-07-13 | CVE-2005-2250 | Remote Buffer Overflow vulnerability in Nokia Affix BTFTP Client Filename: Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | 7.5 |
2005-07-13 | CVE-2005-2249 | Remote Security vulnerability in Jinzora 2.0.1: Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. | 10.0 |