Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-01-04 | CVE-2005-0283 | Remote Directory Traversal vulnerability in David Barrett Qwikiwiki 1.4.1 Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-01-04 | CVE-2005-0280 | Remote vulnerability in Jowood Productions Soldner Secret Wars 30830 Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message. | 7.5 |
2005-01-04 | CVE-2004-1061 | Cross-Site Scripting vulnerability in Bugzilla Internal Error Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter. | 4.3 |
2005-01-03 | CVE-2005-0274 | Input Validation vulnerability in All Enthusiast PhotoPost Classifieds Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. | 4.3 |
2005-01-03 | CVE-2005-0271 | SQL-Injection vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5 Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php. | 7.5 |
2005-01-03 | CVE-2005-0268 | Unspecified vulnerability in Flatnuke 2.5.1 Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. | 7.5 |
2005-01-03 | CVE-2004-1312 | Remote Denial of Service vulnerability in GFI MailEssentials and MailSecurity HTML Email A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues. | 10.0 |
2005-01-01 | CVE-2005-0266 | Cross-Site Scripting vulnerability in SugarCRM Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. | 4.3 |
2004-12-31 | CVE-2004-2760 | Configuration vulnerability in Openbsd Openssh 3.5/3.5P1 sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. | 6.8 |
2004-12-31 | CVE-2004-2759 | Information Disclosure vulnerability in Sun StorEdge Sparse File Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files. | 2.1 |