Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-03-12 | CVE-2005-0780 | Unspecified vulnerability in PHP Arena Pafiledb paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message. | 5.0 |
2005-03-10 | CVE-2005-0774 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 7.5 |
2005-03-10 | CVE-2005-0748 | Code Injection vulnerability in Webinsta Mailing Manager 1.3D PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-03-10 | CVE-2005-0731 | Denial-Of-Service vulnerability in PY Software Active Webcam 5.5 PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html. | 5.0 |
2005-03-09 | CVE-2005-0745 | Local Security vulnerability in Ian-02Ex Voip Ata UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. | 4.6 |
2005-03-09 | CVE-2005-0719 | Denial Of Service vulnerability in HP Tru64 Message Queue Local Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. | 2.1 |
2005-03-08 | CVE-2005-0747 | Information Disclosure vulnerability in I-Class ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. | 5.0 |
2005-03-08 | CVE-2005-0741 | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. network yabb | 4.3 |
2005-03-08 | CVE-2005-0725 | SQL-Injection vulnerability in Wf-Sections 1.07 SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php. | 7.5 |
2005-03-08 | CVE-2005-0723 | Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1 Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php. network php-arena | 4.3 |