Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-16 | CVE-2005-3548 | Path Traversal vulnerability in Invision Power Services Invision Board 2.0.1 Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. | 4.0 |
| 2005-11-16 | CVE-2005-3547 | Cross-Site Scripting vulnerability in Invision Power Services Invision Board 2.1 Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. network invision-power-services | 4.3 |
| 2005-11-16 | CVE-2005-3544 | Unspecified vulnerability in XMB Forum XMB 1.9.3 Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network xmb-forum | 4.3 |
| 2005-11-16 | CVE-2005-3543 | SQL Injection vulnerability in Phorum SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | 6.8 |
| 2005-11-06 | CVE-2005-3522 | Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 4.0.2 Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. network adventnet | 4.3 |
| 2005-11-06 | CVE-2005-3520 | Cross-Site Scripting vulnerability in MySource Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php. network mysource | 4.3 |
| 2005-11-06 | CVE-2005-3511 | Cross-Site Scripting vulnerability in Spymac web OS 4.0 Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action. | 4.3 |
| 2005-11-06 | CVE-2005-3507 | Directory Traversal vulnerability in CutePHP CuteNews Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php. | 5.0 |
| 2005-11-05 | CVE-2005-3506 | Cross-Site Scripting vulnerability in Sambar Server Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field. network sambar | 4.3 |
| 2005-11-05 | CVE-2005-3505 | HTML Injection vulnerability in Cpanel 10.2.0R82/10.6.0R137 Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer. network cpanel | 4.3 |