Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-04-27 CVE-2005-0413 SQL Injection vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php.
network
low complexity
myphp-forum CWE-89
7.5
2005-04-27 CVE-2005-0412 Cross-Site Scripting vulnerability in Postwrap
Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter.
network
spidean
6.8
2005-04-27 CVE-2005-0229 Remote Information Disclosure vulnerability in CitrusDB Credit Card Data
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.
network
low complexity
citrusdb
5.0
2005-04-27 CVE-2005-0206 Integer Overflow vulnerability in Xpdf PDFTOPS
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
7.5
2005-04-27 CVE-2005-0159 Insecure Temporary File Creation vulnerability in Debian Toolchain-Source
The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
local
low complexity
debian
4.6
2005-04-27 CVE-2005-0087
The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.
local
low complexity
alsa redhat
4.6
2005-04-27 CVE-2005-0085 Cross-Site Scripting vulnerability in Dig Config Parameter
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
6.8
2005-04-27 CVE-2005-0019 Local Arbitrary Command Execution vulnerability in Yongguang Zhang Hztty 2.0
Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands.
local
low complexity
yongguang-zhang
4.6
2005-04-27 CVE-2004-1488 Remote vulnerability in GNU WGet
wget 1.8.x and 1.9.x do not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
network
low complexity
gnu
5.0
2005-04-27 CVE-2004-1487 Remote vulnerability in GNU WGet
wget 1.8.x and 1.9.x allow a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
network
low complexity
gnu
5.0