Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0664 | Unspecified vulnerability in Libexif 0.6.9 Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. | 2.6 |
2005-05-02 | CVE-2005-0663 | SQL-Injection vulnerability in Mercuryboard 1.1.2 SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. | 7.5 |
2005-05-02 | CVE-2005-0662 | Cross-Site Scripting vulnerability in Mercuryboard 1.1.2 Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field. network mercuryboard | 4.3 |
2005-05-02 | CVE-2005-0661 | SQL-Injection vulnerability in Burning Board SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie. | 7.5 |
2005-05-02 | CVE-2005-0660 | Cross-Site Scripting vulnerability in Adalis D-Forum 1.11 Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3. network adalis | 4.3 |
2005-05-02 | CVE-2005-0659 | Information Disclosure vulnerability in phpBB phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0658 | SQL-Injection vulnerability in Cmw Linklist SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. | 7.5 |
2005-05-02 | CVE-2005-0657 | Denial-Of-Service vulnerability in Computalynx Cproxy 3.3/3.4/3.4.4 Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. | 6.4 |
2005-05-02 | CVE-2005-0656 | Cross-Site Scripting vulnerability in Arif Supriyanto Auracms 1.5 Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php. network arif-supriyanto | 4.3 |
2005-05-02 | CVE-2005-0655 | Information Disclosure vulnerability in Arif Supriyanto Auracms 1.5 auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. | 5.0 |