Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1117 | Remote File Include vulnerability in All4Www All4Www-Homepagecreator 1.0A PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. | 7.5 |
| 2005-05-02 | CVE-2005-1116 | Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-1115 | Cross-Site Scripting vulnerability in PHPBB Photo Album Module Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | 4.3 |
| 2005-05-02 | CVE-2005-1114 | Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. | 7.5 |
| 2005-05-02 | CVE-2005-1113 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb Plus 1.3/1.51 Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-1112 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | 5.0 |
| 2005-05-02 | CVE-2005-1111 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | 4.7 |
| 2005-05-02 | CVE-2005-1110 | Unspecified vulnerability in Sumus 0.2.2 Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81. | 7.5 |
| 2005-05-02 | CVE-2005-1109 | Unspecified vulnerability in Junkbuster Internet Junkbuster 2.0.1/2.0.2/2.0.2R2 The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. | 7.5 |
| 2005-05-02 | CVE-2005-1108 | Unspecified vulnerability in Junkbuster Internet Junkbuster 2.0.2R2 The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. | 5.0 |