Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1028 | Information Exposure vulnerability in PHPnuke PHP-Nuke PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-1027 | Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. network francisco-burzi | 4.3 |
| 2005-05-02 | CVE-2005-1026 | SQL Injection vulnerability in PHPBB DLMan Pro Module Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro). | 7.5 |
| 2005-05-02 | CVE-2005-1025 | Information Disclosure vulnerability in IBM Iseries AS 400 4.3 The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | 5.0 |
| 2005-05-02 | CVE-2005-1024 | Unspecified vulnerability in Francisco Burzi PHP-Nuke modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-1023 | Unspecified vulnerability in Francisco Burzi PHP-Nuke Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. network francisco-burzi | 4.3 |
| 2005-05-02 | CVE-2005-1022 | Unspecified vulnerability in Macromedia Coldfusion 6.1 ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | 5.0 |
| 2005-05-02 | CVE-2005-1021 | Resource Management Errors vulnerability in Cisco IOS Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. | 7.1 |
| 2005-05-02 | CVE-2005-1020 | Improper Authentication vulnerability in Cisco IOS Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | 7.1 |
| 2005-05-02 | CVE-2005-1019 | Local Security vulnerability in Aeon Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable. | 7.2 |