Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0678 | Remote Security vulnerability in Form Mail Script PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. | 7.5 |
| 2005-05-02 | CVE-2005-0677 | Remote Security vulnerability in PHPoutsourcing Zorum 3.5 index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0675 | Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.3/3.4/3.5 Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. network phpoutsourcing | 4.3 |
| 2005-05-02 | CVE-2005-0673 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13 Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-0672 | Remote vulnerability in Ca3DE Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. | 7.5 |
| 2005-05-02 | CVE-2005-0670 | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. network coinsoft-technologies | 4.3 |
| 2005-05-02 | CVE-2005-0669 | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module. | 7.5 |
| 2005-05-02 | CVE-2005-0666 | Privilege Escalation vulnerability in PaX VMA Mirroring Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | 4.6 |
| 2005-05-02 | CVE-2005-0665 | Unspecified vulnerability in John Bradley XV 3.10A Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. | 5.1 |
| 2005-05-02 | CVE-2005-0664 | Unspecified vulnerability in Libexif 0.6.9 Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. | 2.6 |