Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0653 | Local Security vulnerability in PHPmyadmin 2.6.1 phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | 4.6 |
| 2005-05-02 | CVE-2005-0652 | Local Security vulnerability in Openvms Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. | 2.1 |
| 2005-05-02 | CVE-2005-0651 | SQL Injection vulnerability in Projectbb 0.4.5.1 Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section. | 7.5 |
| 2005-05-02 | CVE-2005-0650 | Remote Cross-Site Scripting vulnerability in Projectbb 0.4.5.1 Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. network projectbb | 4.3 |
| 2005-05-02 | CVE-2005-0649 | Cross-Site Scripting vulnerability in Safehtml Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." network pixel-apes-group | 4.3 |
| 2005-05-02 | CVE-2005-0648 | Cross-Site Scripting vulnerability in Pixel-Apes Group Safehtml 1.3.0 Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol." network pixel-apes-group | 4.3 |
| 2005-05-02 | CVE-2005-0647 | Remote Security vulnerability in PHP Arena Panews 2.0.4B admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | 5.0 |
| 2005-05-02 | CVE-2005-0646 | SQL-Injection vulnerability in PHP Arena Panews 2.0.4B SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0645 | Cross-Site Scripting vulnerability in cuteNews Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. network cutephp | 4.3 |
| 2005-05-02 | CVE-2005-0644 | Buffer Overflow/Directory Traversal vulnerability in Mcafee Antivirus Engine 4.3.20 Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. | 7.5 |