Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-11 | CVE-2005-1585 | SQL-Injection vulnerability in Open Solution Quick.Forum 2.1.6 Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory. | 7.5 |
2005-05-11 | CVE-2005-1580 | Remote Arbitrary File Upload vulnerability in Boastmachine 3.0 users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code. | 7.5 |
2005-05-11 | CVE-2005-1572 | Denial-Of-Service vulnerability in Wenig and Spitzer-Williams Showoff Digital Media Software 1.5.4 ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083. | 5.0 |
2005-05-11 | CVE-2005-1562 | Remote vulnerability in MaxWebPortal Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp. | 7.5 |
2005-05-11 | CVE-2005-1561 | Remote vulnerability in MaxWebPortal Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter. network maxwebportal | 4.3 |
2005-05-11 | CVE-2005-1560 | Remote Security vulnerability in Neteyes Nexusway 805 The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute. | 10.0 |
2005-05-11 | CVE-2005-1559 | Remote Security vulnerability in Neteyes Nexusway The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi. | 10.0 |
2005-05-11 | CVE-2005-1558 | Security Bypass vulnerability in Neteyes Nexusway 805 The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie. | 7.5 |
2005-05-11 | CVE-2005-1557 | HTML Injection vulnerability in Pixysoft Guestbook PRO 3.2.1 Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message. network pixysoft | 4.3 |
2005-05-11 | CVE-2005-1519 | DNS Spoofing vulnerability in Squid Proxy Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | 6.4 |