Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-06 | CVE-2005-4030 | SQL Injection vulnerability in Quicksilver Forums SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header. | 5.1 |
2005-12-05 | CVE-2005-4029 | Remote Security vulnerability in WebEOC WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods. | 5.0 |
2005-12-05 | CVE-2005-4028 | Cross-Site Scripting vulnerability in Amember Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php. network amember | 4.3 |
2005-12-05 | CVE-2005-4026 | Information Disclosure vulnerability in Geeklog (Extended Japanese Package) search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message. | 5.0 |
2005-12-05 | CVE-2005-4024 | Cross-Site Scripting vulnerability in Fastfind 2004/2005 Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. network interspire | 4.3 |
2005-12-05 | CVE-2005-4023 | Input Validation vulnerability in Gallery Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
2005-12-05 | CVE-2005-4022 | Input Validation vulnerability in Gallery Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. network gallery-project | 4.3 |
2005-12-05 | CVE-2005-4021 | Input Validation vulnerability in Gallery The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-12-05 | CVE-2005-4017 | property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | 5.0 |
2005-12-05 | CVE-2005-4015 | Remote Security vulnerability in PHP web Statistik 1.4 PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php. | 5.0 |