Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-1245 | HTML Tidy Cross-Site Scripting vulnerability in MediaWiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network mediawiki | 4.3 |
2005-05-02 | CVE-2005-1243 | Directory Traversal vulnerability in Axcessit Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1242 | Directory Traversal vulnerability in Global Security Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1239 | Unspecified vulnerability in Raz-Lee Security+++ Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1238 | Remote Security vulnerability in Iseries As 400 By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | 7.5 |
2005-05-02 | CVE-2005-1237 | SQL Injection vulnerability in FlexPHPNews News.PHP SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 7.5 |
2005-05-02 | CVE-2005-1236 | SQL Injection vulnerability in Duware Duportal 3.1.2/3.1.2Sql Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224. | 7.5 |
2005-05-02 | CVE-2005-1235 | Information Disclosure vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-1234 | SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. | 5.0 |
2005-05-02 | CVE-2005-1232 | Remote Security vulnerability in SUN Java System web Proxy Server 3.6 Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |