Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-07-13 CVE-2005-2262 Unspecified vulnerability in Mozilla Firefox 1.0.3/1.0.4
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allow remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
network
high complexity
mozilla
5.1
2005-07-13 CVE-2005-2261 Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 run XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
network
low complexity
mozilla
7.5
2005-07-13 CVE-2005-2260 Unspecified vulnerability in Mozilla Firefox and Mozilla
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
network
low complexity
mozilla
7.5
2005-07-13 CVE-2005-2259 Remote Command Execution vulnerability in Multiple USANet Creations Products
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction, allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
network
low complexity
usanet-creations
critical
10.0
2005-07-13 CVE-2005-2258 Unspecified vulnerability in Squitosoft Squito Gallery 1.33
PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.
network
low complexity
squitosoft
7.5
2005-07-13 CVE-2005-2257 Remote Security vulnerability in PHPslash 0.8.0
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
network
low complexity
phpslash
critical
10.0
2005-07-13 CVE-2005-2256 Directory Traversal vulnerability in PHPPGAdmin Login Form
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
network
low complexity
phppgadmin
5.0
2005-07-13 CVE-2005-2255 Directory Traversal vulnerability in Gianluca Baldo PHPauction 2.5
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
network
low complexity
gianluca-baldo
6.4
2005-07-13 CVE-2005-2254 Cross-Site Scripting vulnerability in Gianluca Baldo PHPauction 2.5
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php.
4.3
2005-07-13 CVE-2005-2253 SQL-Injection vulnerability in Gianluca Baldo PHPauction 2.5
SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php.
network
low complexity
gianluca-baldo
7.5