Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-08-24 | CVE-2005-2691 | Remote Security vulnerability in Runcms 1.1/1.1A/1.2 includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | 7.5 |
| 2005-08-24 | CVE-2005-2690 | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | 7.5 |
| 2005-08-24 | CVE-2005-2689 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php. | 2.6 |
| 2005-08-24 | CVE-2005-2688 | Cross-Site Scripting vulnerability in Savewebportal 3.4 Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields. network savewebportal | 4.3 |
| 2005-08-24 | CVE-2005-2687 | Remote Security vulnerability in Savewebportal 3.4 PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
| 2005-08-24 | CVE-2005-2686 | Directory Traversal vulnerability in Savewebportal 3.4 Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
| 2005-08-24 | CVE-2005-2685 | Remote Security vulnerability in Savewebportal 3.4 SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. | 7.5 |
| 2005-08-24 | CVE-2005-2556 | Input Validation vulnerability in Mantis core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | 7.5 |
| 2005-08-24 | CVE-2005-2534 | Denial Of Service vulnerability in OpenVPN Same Client Certificate Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | 2.6 |
| 2005-08-24 | CVE-2005-2533 | Unspecified vulnerability in Openvpn OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. | 2.1 |