Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-06-01 | CVE-2005-1836 | Denial-Of-Service vulnerability in Nextweb (i)Site NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files. | 5.0 |
| 2005-06-01 | CVE-2005-1834 | SQL-Injection vulnerability in Nextweb %28I%29Site SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | 7.5 |
| 2005-06-01 | CVE-2005-1823 | SQL Injection and Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.0.8 Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. network qualiteam | 4.3 |
| 2005-06-01 | CVE-2005-1822 | SQL Injection and Cross-Site Scripting vulnerability in Qualiteam X-Cart 4.0.8 Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. | 7.5 |
| 2005-06-01 | CVE-2005-1821 | Remote File Include vulnerability in Powerscripts.Org Powerdownload 3.0.2/3.0.3 PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. | 7.5 |
| 2005-06-01 | CVE-2005-1820 | Remote Command Execution vulnerability in Zeroboard Preg_replace zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function. | 7.5 |
| 2005-06-01 | CVE-2005-1819 | Unspecified vulnerability in Nikosoft Webmail Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network nikosoft | 4.3 |
| 2005-06-01 | CVE-2005-1818 | SQL Injection vulnerability in NewLife Blogger Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
| 2005-06-01 | CVE-2005-1817 | Unspecified vulnerability in Invision Power Services Invision Board Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. | 5.0 |
| 2005-06-01 | CVE-2005-1816 | Privilege Escalation vulnerability in Invision Power Board Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. | 4.6 |