Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-06-22 CVE-2005-1525 SQL Injection vulnerability in RaXnet Cacti
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
the-cacti-group
7.5
2005-06-22 CVE-2005-1524 Unspecified vulnerability in the Cacti Group Cacti
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.
network
low complexity
the-cacti-group
5.0
2005-06-22 CVE-2005-1250 Unspecified vulnerability in Ipswitch WhatsUp Professional 2005 SP1
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
network
low complexity
ipswitch
7.5
2005-06-21 CVE-2005-2037 SQL-Injection vulnerability in Fortibus CMS
Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page.
network
low complexity
fortibus
7.5
2005-06-21 CVE-2005-2028 Remote SQL Injection vulnerability in Mercuryboard Message Board 1.1.4
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
network
low complexity
mercuryboard
7.5
2005-06-20 CVE-2005-2040 Unspecified vulnerability in Telnetd
Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.
network
low complexity
telnetd
5.0
2005-06-20 CVE-2005-2038 Remote Security vulnerability in Fortibus CMS 4.0.0
Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.
network
low complexity
fortibus
5.0
2005-06-20 CVE-2005-2034 Cross-Site Scripting vulnerability in Blue-Collar Productions I-Gallery 3.3
Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
4.3
2005-06-20 CVE-2005-2033 Path Traversal vulnerability in Blue-Collar Productions I-Gallery 3.3
Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter.
network
low complexity
blue-collar-productions CWE-22
5.0
2005-06-20 CVE-2005-2025 Unspecified vulnerability in Cisco products
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
network
low complexity
cisco
5.0