Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0998 | Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 7.6: The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | 5.0 |
2005-05-02 | CVE-2005-0997 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6: Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. | 7.5 |
2005-05-02 | CVE-2005-0996 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6: Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | 5.0 |
2005-05-02 | CVE-2005-0995 | Input Validation vulnerability in Early Impact Productcart 2.7: Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. | 4.3 |
2005-05-02 | CVE-2005-0994 | Unspecified vulnerability in Early Impact Productcart 2.7: Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. | 7.5 |
2005-05-02 | CVE-2005-0993 | Local Buffer Overflow vulnerability in SCO OpenServer NWPrint Command Line Argument: Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. | 4.6 |
2005-05-02 | CVE-2005-0992 | Cross-Site Scripting vulnerability in PHPMyAdmin Convcharset: Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | 4.3 |
2005-05-02 | CVE-2005-0991 | Local Insecure Temporary File Creation vulnerability in IBM AIX RC.BOOT: RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. | 2.1 |
2005-05-02 | CVE-2005-0990 | Local Insecure Temporary File Creation vulnerability in GNU Sharutils 4.2.1: unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. | 2.1 |
2005-05-02 | CVE-2005-0989 | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | 5.0 |