Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1225 | SQL-Injection vulnerability in Coppermine Photo Gallery 1.3.2 SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | 7.5 |
| 2005-05-02 | CVE-2005-1224 | SQL Injection vulnerability in Duware Duportal 3.4/Pro3.4/Sql3.4 Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. | 7.5 |
| 2005-05-02 | CVE-2005-1223 | SQL-Injection vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01 Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | 7.5 |
| 2005-05-02 | CVE-2005-1222 | Remote Security vulnerability in Netref 4.2 cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. | 7.5 |
| 2005-05-02 | CVE-2005-1220 | Information Disclosure vulnerability in Shoutbox Script Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | 7.5 |
| 2005-05-02 | CVE-2005-1204 | Denial-Of-Service vulnerability in Desktop Rover Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access. | 5.0 |
| 2005-05-02 | CVE-2005-1203 | Cross-Site Scripting and SQL Injection vulnerability in eGroupWare Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter. | 7.5 |
| 2005-05-02 | CVE-2005-1202 | Cross-Site Scripting and SQL Injection vulnerability in eGroupWare Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter. network egroupware | 6.8 |
| 2005-05-02 | CVE-2005-1201 | Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. | 6.4 |
| 2005-05-02 | CVE-2005-1200 | Remote Security vulnerability in Az Bulletin Board 1.0.07A/1.0.07B/1.0.07C PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code. | 7.5 |