Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0872 | Unspecified vulnerability in PHPbb Group PHPbb 1.0.1 Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. network phpbb-group | 4.3 |
2005-05-02 | CVE-2005-0871 | Information Disclosure vulnerability in PHPbb Group PHPbb 1.0.1 calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. | 5.0 |
2005-05-02 | CVE-2005-0870 | Cross-Site Scripting vulnerability in PHPsysinfo 2.3 Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. network phpsysinfo | 4.3 |
2005-05-02 | CVE-2005-0869 | Information Disclosure vulnerability in PHPsysinfo 2.3 phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0868 | Remote Security vulnerability in Client Access AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC. | 7.5 |
2005-05-02 | CVE-2005-0867 | Unspecified vulnerability in Linux Kernel 2.6.0 Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file. | 7.2 |
2005-05-02 | CVE-2005-0866 | Unspecified vulnerability in Cdrtools Cdrecord cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-05-02 | CVE-2005-0865 | Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2 Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi. | 7.5 |
2005-05-02 | CVE-2005-0864 | Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2 The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. | 5.0 |
2005-05-02 | CVE-2005-0863 | HTML Injection vulnerability in PHPopenchat 3.0.0/3.0.1/3.0.2 Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. network phpopenchat | 4.3 |