Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2005-08-29 | CVE-2005-2717 | Remote File Include vulnerability in Webcalendar 1.0.0 | 7.5
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
network, low complexity, webcalendar

2005-08-29 | CVE-2005-2716 | Remote Command Execution vulnerability in Nokia Affix BTSRV Device Name | 7.5
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
network, low complexity, nokia

2005-08-26 | CVE-2005-2699 | File-Upload vulnerability in PHPkit 1.6.1 | 4.6
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php.
local, low complexity, phpkit

2005-08-26 | CVE-2005-2698 | Cross-Site Scripting vulnerability in Nelogic Technologies Nephp Publisher Enterprise 3.04 | 4.3
Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter.

2005-08-26 | CVE-2005-2697 | SQL Injection vulnerability in MyBulletinBoard Search.PHP | 7.5
SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter.
network, low complexity, mybulletinboard

2005-08-26 | CVE-2005-2696 | Information Disclosure vulnerability in Lotus Notes | 5.0
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
network, low complexity, ibm

2005-08-26 | CVE-2005-2695 | Unspecified vulnerability in Cisco products | 5.0
Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).
network, low complexity, cisco

2005-08-26 | CVE-2005-2694 | Remote Security vulnerability in Winace 2.6.0.5 | 7.5
Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute arbitrary code via a temporary (.tmp) file that contains an entry with a long file name.
network, low complexity, winace

2005-08-26 | CVE-2005-2693 | Unspecified vulnerability in CVS 1.12.12 | 4.6
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
local, low complexity, cvs

2005-08-24 | CVE-2005-2692 | SQL-Injection vulnerability in Runcms 1.1/1.1A/1.2 | 7.5
Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.
network, low complexity, runcms