Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-05-02 | CVE-2005-1231 | HTML Injection vulnerability in Jaws 0.3/0.4/0.5Beta2 | Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. | 4.3 |
2005-05-02 | CVE-2005-1230 | Directory Traversal vulnerability in Magnus Lundvall Yawcam 0.2.5 | Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request. | 5.0 |
2005-05-02 | CVE-2005-1229 | Directory Traversal vulnerability in CPIO Filename | Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. | 4.6 |
2005-05-02 | CVE-2005-1228 | Multiple Security vulnerability in Apple Mac OS X | Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. | 5.0 |
2005-05-02 | CVE-2005-1226 | Information Disclosure vulnerability in Coppermine Photo Gallery 1.3.2 | Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | 7.5 |
2005-05-02 | CVE-2005-1225 | SQL-Injection vulnerability in Coppermine Photo Gallery 1.3.2 | SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | 7.5 |
2005-05-02 | CVE-2005-1224 | SQL Injection vulnerability in Duware Duportal 3.4/Pro3.4/Sql3.4 | Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. | 7.5 |
2005-05-02 | CVE-2005-1223 | SQL-Injection vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01 | Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | 7.5 |
2005-05-02 | CVE-2005-1222 | Remote Security vulnerability in Netref 4.2 | cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. | 7.5 |
2005-05-02 | CVE-2005-1220 | Information Disclosure vulnerability in Shoutbox Script | Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | 7.5 |