Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-06-20 | CVE-2005-2034 | Cross-Site Scripting vulnerability in Blue-Collar Productions I-Gallery 3.3 Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. network blue-collar-productions | 4.3 |
2005-06-20 | CVE-2005-2033 | Path Traversal vulnerability in Blue-Collar Productions I-Gallery 3.3 Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter. | 5.0 |
2005-06-20 | CVE-2005-2025 | Unspecified vulnerability in Cisco products Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname. | 5.0 |
2005-06-20 | CVE-2005-2021 | Cross-Site Scripting vulnerability in cPanel User Parameter Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. network cpanel | 4.3 |
2005-06-20 | CVE-2005-2014 | Local Security vulnerability in PHP Arena Pafaq 1.0Beta4 The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | 4.6 |
2005-06-20 | CVE-2005-2013 | Information Disclosure vulnerability in PHP Arena Pafaq 1.0Beta4 paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | 5.0 |
2005-06-20 | CVE-2005-2012 | SQL-Injection vulnerability in PHP Arena Pafaq 1.0Beta4 Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | 7.5 |
2005-06-20 | CVE-2005-2011 | Cross-Site Scripting vulnerability in PHP Arena Pafaq 1.0Beta4 Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. network php-arena | 4.3 |
2005-06-20 | CVE-2005-2010 | Cross-Site Scripting vulnerability in Uapplication Ublog Reload 1.0.5 Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. network uapplication | 4.3 |
2005-06-20 | CVE-2005-2009 | SQL-Injection vulnerability in Ublog Reload 1.0.5 Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. | 7.5 |