Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-06-20 | CVE-2005-2021 | Cross-Site Scripting vulnerability in cPanel User Parameter Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. network cpanel | 4.3 |
| 2005-06-20 | CVE-2005-2014 | Local Security vulnerability in PHP Arena Pafaq 1.0Beta4 The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | 4.6 |
| 2005-06-20 | CVE-2005-2013 | Information Disclosure vulnerability in PHP Arena Pafaq 1.0Beta4 paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | 5.0 |
| 2005-06-20 | CVE-2005-2012 | SQL-Injection vulnerability in PHP Arena Pafaq 1.0Beta4 Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | 7.5 |
| 2005-06-20 | CVE-2005-2011 | Cross-Site Scripting vulnerability in PHP Arena Pafaq 1.0Beta4 Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. network php-arena | 4.3 |
| 2005-06-20 | CVE-2005-2010 | Cross-Site Scripting vulnerability in Uapplication Ublog Reload 1.0.5 Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. network uapplication | 4.3 |
| 2005-06-20 | CVE-2005-2009 | SQL-Injection vulnerability in Ublog Reload 1.0.5 Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. | 7.5 |
| 2005-06-20 | CVE-2005-1993 | Local Race Condition vulnerability in Todd Miller Sudo Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. | 3.7 |
| 2005-06-20 | CVE-2005-1992 | Command Execution vulnerability in Yukihiro Matsumoto Ruby 1.8 The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. | 7.5 |
| 2005-06-19 | CVE-2005-2039 | Remote Security vulnerability in Nanoblogger 3.1 Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands. | 5.0 |