Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0785 | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network yabb | 4.3 |
| 2005-05-02 | CVE-2005-0784 | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel. network phorum | 4.3 |
| 2005-05-02 | CVE-2005-0783 | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. network phorum | 4.3 |
| 2005-05-02 | CVE-2005-0782 | SQL Injection And Cross-Site Scripting vulnerability in PAFileDB Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. network php-arena | 4.3 |
| 2005-05-02 | CVE-2005-0781 | SQL Injection And Cross-Site Scripting vulnerability in PAFileDB SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. | 7.5 |
| 2005-05-02 | CVE-2005-0779 | Malformed User Name Connection Denial Of Service vulnerability in Platinumftp Platinumftpserver 1.0.18 PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. | 5.0 |
| 2005-05-02 | CVE-2005-0778 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif. | 5.0 |
| 2005-05-02 | CVE-2005-0777 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile. network photopost | 4.3 |
| 2005-05-02 | CVE-2005-0776 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | 5.0 |
| 2005-05-02 | CVE-2005-0775 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | 7.5 |