Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-05 | CVE-2005-4013 | Information Disclosure vulnerability in PHP Web Statistik 1.4: PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file. | 5.0 |
2005-12-05 | CVE-2005-4012 | Unspecified vulnerability in PHP Web Statistik 1.4: Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php. | 4.3 |
2005-12-05 | CVE-2005-4004 | Cross-Site Scripting vulnerability in InfinetSoftware MyTemplateSite Search.ASP: Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2005-12-05 | CVE-2005-4002 | Remote Security vulnerability in WebEOC: WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. | 4.0 |
2005-12-05 | CVE-2005-4000 | Cross-Site Scripting vulnerability in SiteBeater News Archive.ASP: Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter. | 4.3 |
2005-12-05 | CVE-2005-3999 | Cross-Site Scripting vulnerability in SiteBeater MP3 Catalog 2.0.3: Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2005-12-05 | CVE-2005-3998 | Cross-Site Scripting vulnerability in Solupress News Search.ASP: Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | 4.3 |
2005-12-05 | CVE-2005-3996 | SQL Injection vulnerability in Zen-Cart ZEN Cart: SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | 5.1 |
2005-12-05 | CVE-2005-3995 | Remote Format String vulnerability in Sobexsrv Dosyslog: Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands. | 5.1 |
2005-12-04 | CVE-2005-3991 | Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.6: Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php. | 4.3 |