Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-05 | CVE-2005-2113 | SQL-Injection vulnerability in Xoops SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | 7.5 |
| 2005-07-05 | CVE-2005-2112 | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. network xoops | 4.3 |
| 2005-07-05 | CVE-2005-2111 | Remote Security vulnerability in Community Link Pro Web Editor login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter. | 7.5 |
| 2005-07-05 | CVE-2005-2110 | Information Disclosure vulnerability in WordPress WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. | 5.0 |
| 2005-07-05 | CVE-2005-2109 | Denial-Of-Service vulnerability in WordPress wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | 5.0 |
| 2005-07-05 | CVE-2005-2108 | SQL-Injection vulnerability in WordPress SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. | 7.5 |
| 2005-07-05 | CVE-2005-2107 | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. network wordpress | 4.3 |
| 2005-07-05 | CVE-2005-2106 | Unspecified vulnerability in Drupal Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | 5.0 |
| 2005-07-05 | CVE-2005-2105 | Security Bypass vulnerability in IOS Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | 7.5 |
| 2005-07-05 | CVE-2005-2094 | Cross-Site Scripting vulnerability in SUN ONE web Server 6.1 Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network sun | 4.3 |