Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-04-13 | CVE-2005-1134 | SQL injection vulnerability in S9Y Serendipity Exit.PHP SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. | 7.5 |
2005-04-12 | CVE-2005-1147 | calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information. | 5.0 |
2005-04-12 | CVE-2005-1144 | Information Disclosure vulnerability in EasyPHPCalendar popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message. | 5.0 |
2005-04-12 | CVE-2005-1143 | Cross-Site Scripting vulnerability in EasyPHPCalendar Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. network easyphpcalendar | 4.3 |
2005-04-12 | CVE-2005-1130 | Cross-Site Scripting vulnerability in Pinnacle Cart Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. network desert-dog-software | 4.3 |
2005-04-12 | CVE-2005-1103 | Unspecified vulnerability in Sygate Technologies Security Agent Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. | 4.6 |
2005-04-12 | CVE-2005-1099 | Unspecified vulnerability in Salim Gasmi GLD Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. | 10.0 |
2005-04-12 | CVE-2005-1078 | Unspecified vulnerability in Xampp Apache Distribution XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. | 7.5 |
2005-04-12 | CVE-2005-1077 | Remote HTML Injection vulnerability in XAMPP CDS.PHP Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. network xampp | 4.3 |
2005-04-12 | CVE-2005-1071 | SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. | 7.5 |