Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-05-14 CVE-2005-1587 Cross-Site Scripting vulnerability in Open Solution Quick.Cart 0.3.0
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
network, open-solution, 4.3

2005-05-14 CVE-2005-1586 Information Disclosure vulnerability in Open Solution Quick.Forum 2.1.6
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
network, low complexity, open-solution, 5.0

2005-05-14 CVE-2005-1584 HTML Injection vulnerability in Open Solution Quick.Forum 2.1.6
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
network, open-solution, 4.3

2005-05-14 CVE-2005-1583 Remote Security vulnerability in 1Two News 1.0
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
network, low complexity, 1two, 5.0

2005-05-14 CVE-2005-1582 Cross-Site Scripting vulnerability in 1Two News 1.0
Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables.
network, 1two, 4.3

2005-05-14 CVE-2005-1581 Cross-Site Scripting vulnerability in Eric Fichot BUG Report 1.0
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.
network, eric-fichot, 4.3

2005-05-14 CVE-2005-1577 Unspecified vulnerability in APG Technology Classmaster
APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.
network, low complexity, apg-technology, 7.5

2005-05-14 CVE-2005-1575 Remote Security vulnerability in Mozilla Firefox 0.10.1/1.0
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.
network, low complexity, mozilla, 5.0

2005-05-14 CVE-2005-1571 Directory Traversal vulnerability in Wenig and Spitzer-Williams Showoff Digital Media Software 1.5.4
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
network, low complexity, wenig-and-spitzer-williams, 5.0

2005-05-14 CVE-2005-1570 SQL-Injection vulnerability in Battleaxe Software Bttlxeforum 2.0
forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability.
network, low complexity, battleaxe-software, 5.0