Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0862 | Remote File Include vulnerability in PHPopenchat 2.3.4/3.0.1 Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php. | 7.5 |
2005-05-02 | CVE-2005-0861 | Unspecified vulnerability in Delegate Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays." | 7.5 |
2005-05-02 | CVE-2005-0860 | Remote File Include vulnerability in the Rusted Gate TRG News 3.0 PHP remote file inclusion vulnerability in TRG News Script 3.0 allows remote attackers to execute arbitrary PHP code via the dir parameter to (1) article.php, (2) authorall.php, (3) comment.php, (4) display.php, or (5) displayall.php. | 7.5 |
2005-05-02 | CVE-2005-0859 | Remote File Include vulnerability in Czaries Network Czarnews 1.13B PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. | 7.5 |
2005-05-02 | CVE-2005-0858 | Cross-Site Scripting And SQL Injection vulnerability in CoolForum Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php. | 7.5 |
2005-05-02 | CVE-2005-0857 | Cross-Site Scripting And SQL Injection vulnerability in CoolForum Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. network coolforum | 4.3 |
2005-05-02 | CVE-2005-0856 | SQL-Injection vulnerability in CoolForum CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate SQL commands via certain requests to (1) alert.php or (2) viewip.php, possibly due to a SQL injection vulnerability. | 7.5 |
2005-05-02 | CVE-2005-0855 | Remote Security vulnerability in CoolForum CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message. | 10.0 |
2005-05-02 | CVE-2005-0854 | Remote vulnerability in Betaparticle Blog 2.0/3.0 betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp. | 7.5 |
2005-05-02 | CVE-2005-0853 | Remote vulnerability in Betaparticle Blog 2.0/3.0 betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. | 5.0 |