Weekly Vulnerabilities Reports > December 19 to 25, 2005
Overview
173 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary report vulnerabilities in 154 products from 128 vendors including Macromedia, Blackboard, Iatek, Phpbb Group, and Mailenable. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Unchecked Return Value", and "Resource Management Errors".
- 163 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 165 reported vulnerabilities are exploitable by an anonymous user.
- Macromedia has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Vmware has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-21 | CVE-2005-4459 | Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands. | 10.0 |
2005-12-21 | CVE-2005-4448 | Flatnuke | Directory Traversal vulnerability in Flatnuke 2.5.6 FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie. | 10.0 |
2005-12-20 | CVE-2005-4414 | Open LAB | Remote Security vulnerability in Open LAB Teamwork Alpha1.2/Alpha1.4/Alpha1.6 Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug." | 10.0 |
2005-12-19 | CVE-2005-4338 | Blackboard | Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin". | 10.0 |
2005-12-21 | CVE-2005-4458 | Metadot | Privilege Escalation vulnerability in MetaDot Portal Server Site_Mgr Group Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group. | 9.0 |
2005-12-21 | CVE-2005-4453 | Ultraapps | Privilege Escalation vulnerability in Ultraapps Issue Manager 2.1 UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field. | 9.0 |
57 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-22 | CVE-2005-4504 | Apple | Remote Denial of Service vulnerability in Apple Mac OS X KHTMLParser The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. | 7.8 |
2005-12-22 | CVE-2005-4464 | Ingate | Remote Kernel Deadlock Denial Of Service vulnerability in Ingate Firewall and SIParator Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of service (kernel deadlock) by sending a SYN packet for a TCP stream, which requires an RST packet in response. | 7.8 |
2005-12-21 | CVE-2005-4456 | Mailenable | IMAP Remote Buffer Overflow vulnerability in MailEnable Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. | 7.8 |
2005-12-21 | CVE-2005-4439 | Elog | Remote Buffer Overflow vulnerability in Elog Elogd 2.6.0Beta4 Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter. | 7.8 |
2005-12-21 | CVE-2005-4436 | Extended Interior Gateway Routing Protocol | Remote Denial Of Service vulnerability in Cisco EIGRP Protocol Unauthenticated Goodbye Packet Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). | 7.8 |
2005-12-21 | CVE-2005-4348 | Fetchmail | Resource Management Errors vulnerability in Fetchmail fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. | 7.8 |
2005-12-20 | CVE-2005-4425 | Kerio | Denial of Service vulnerability in Kerio WinRoute Firewall RTSP Stream Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. | 7.8 |
2005-12-20 | CVE-2005-4360 | Microsoft | Unchecked Return Value vulnerability in Microsoft Internet Information Services 5.1 The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". | 7.8 |
2005-12-20 | CVE-2005-4350 | SUN | Denial of Service vulnerability in SUN Wbem Services A.01.05.11/A.02.00.07 Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors. | 7.8 |
2005-12-23 | CVE-2005-4509 | Parallel Tools Consortium | SQL Injection vulnerability in pTools Index.ASP SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. | 7.5 |
2005-12-22 | CVE-2005-3536 | Phpbb Group | Multiple Unspecified vulnerability in PHPBB SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | 7.5 |
2005-12-22 | CVE-2005-4500 | Musicbox | SQL Injection vulnerability in Musicbox 2.3 SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. | 7.5 |
2005-12-22 | CVE-2005-3534 | Wouter Verhelst | Buffer Errors vulnerability in Wouter Verhelst NBD 2.7.5/2.8.0/2.8.2 Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header. | 7.5 |
2005-12-22 | CVE-2005-4479 | Phpslash | SQL Injection vulnerability in PHPslash 0.8.1 SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter. | 7.5 |
2005-12-22 | CVE-2005-4478 | Papoo | SQL Injection vulnerability in Papoo Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php. | 7.5 |
2005-12-22 | CVE-2005-4472 | Macromedia | Multiple vulnerability in Macromedia JRun Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters. | 7.5 |
2005-12-22 | CVE-2005-4470 | Blender | Integer Overflow vulnerability in Blender BlenLoader File Processing Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. | 7.5 |
2005-12-22 | CVE-2005-4469 | Phpgedview | Remote Script Code Execution vulnerability in PHPGedView Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php. | 7.5 |
2005-12-22 | CVE-2005-4468 | Phpgedview | Remote Script Code Execution vulnerability in PHPGedView PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter. | 7.5 |
2005-12-22 | CVE-2005-4466 | Interactive Intelligence | Remote Heap Corruption Denial Of Service vulnerability in Interactive Intelligence Interaction SIP Proxy 3.0.010 Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters. | 7.5 |
2005-12-22 | CVE-2005-4465 | NEC | Denial Of Service vulnerability in NEC UNIVERGE IX1000/IX2000/IX3000 IKE Exchange The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.5 |
2005-12-21 | CVE-2005-4462 | Tolva | Remote File Include vulnerability in Tolva 0.1.0 PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter. | 7.5 |
2005-12-21 | CVE-2005-4461 | Beehive Forum | SQL Injection vulnerability in Beehive Forum SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter. | 7.5 |
2005-12-21 | CVE-2005-4457 | Mailenable | Denial-Of-Service vulnerability in Mailenable Enterprise 1.1 MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | 7.5 |
2005-12-21 | CVE-2005-4451 | HP | Remote Unauthorized Access vulnerability in HP Hp-Ux 11.11 Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors. | 7.5 |
2005-12-21 | CVE-2005-4450 | Phpmyadmin | Cross-Site Request Forgery vulnerability in PHPmyadmin 2.7.0Pl1 Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. | 7.5 |
2005-12-21 | CVE-2005-4267 | Qualcomm | Buffer Errors vulnerability in Qualcomm Worldmail 3.0 Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands. | 7.5 |
2005-12-21 | CVE-2005-4447 | Coinsoft Technologies | SQL-Injection vulnerability in phpCOIN SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. | 7.5 |
2005-12-21 | CVE-2005-4438 | Dec2Rar DLL | Heap Overflow vulnerability in Dec2Rar.Dll 3.2.14.3 Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field. | 7.5 |
2005-12-21 | CVE-2005-4437 | Extended Interior Gateway Routing Protocol | Unspecified vulnerability in Extended Interior Gateway Routing Protocol Extended Interior Gateway Routing Protocol 1.2 MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. | 7.5 |
2005-12-21 | CVE-2005-4431 | Wowbb | SQL-Injection vulnerability in Wowbb 1.65 SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. | 7.5 |
2005-12-21 | CVE-2005-4430 | Logicnow | SQL Injection vulnerability in LogicBill SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | 7.5 |
2005-12-21 | CVE-2005-4429 | CS Cart | SQL Injection vulnerability in Cs-Cart 1.3.0 SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. | 7.5 |
2005-12-20 | CVE-2005-4427 | Cerberus | Input Validation vulnerability in Cerberus Helpdesk 2.649 Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. | 7.5 |
2005-12-20 | CVE-2005-4421 | DEV Editor | Unspecified vulnerability in Dev-Editor Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name. | 7.5 |
2005-12-20 | CVE-2005-4419 | Quicksquare Development | Input Validation vulnerability in Quick Square Development Honeycomb Archive Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters. | 7.5 |
2005-12-20 | CVE-2005-4416 | TML | Input Validation vulnerability in TML 0.5 SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-12-20 | CVE-2005-4411 | David Harris | Remote Mailbox Name Service Buffer Overflow vulnerability in David Harris Mercury Mail Transport System 4.01B Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. | 7.5 |
2005-12-20 | CVE-2005-4408 | PC Media | SQL Injection vulnerability in Miraserver Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php. | 7.5 |
2005-12-20 | CVE-2005-4406 | TMC Visionpool | Input Validation vulnerability in Mercury CMS SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2005-12-20 | CVE-2005-4404 | Media2 CMS | SQL-Injection vulnerability in Media2 Cms Shop SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. | 7.5 |
2005-12-20 | CVE-2005-4403 | QCM | SQL Injection vulnerability in Marwel SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter. | 7.5 |
2005-12-20 | CVE-2005-4397 | Icms Content Management Systems | SQL-Injection vulnerability in Icms SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter. | 7.5 |
2005-12-20 | CVE-2005-4392 | E Publish | Input Validation vulnerability in E-Publish SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-12-20 | CVE-2005-4390 | Contentserv | SQL Injection vulnerability in ContentServ SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter. | 7.5 |
2005-12-20 | CVE-2005-4382 | Citysoft | SQL Injection vulnerability in Citysoft Community Enterprise SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm. | 7.5 |
2005-12-20 | CVE-2005-4380 | Bitweaver | SQL Injection vulnerability in Bitweaver 1.1/1.1.1Beta Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. | 7.5 |
2005-12-20 | CVE-2005-4378 | NMA | Input Validation vulnerability in Baseline CMS SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter. | 7.5 |
2005-12-20 | CVE-2005-4370 | Acidcat | Input Validation vulnerability in Acidcat CMS SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp. | 7.5 |
2005-12-20 | CVE-2005-4356 | Xmpie | SQL-Injection vulnerability in Ustore SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | 7.5 |
2005-12-20 | CVE-2005-4353 | Toenda Software Development | SQL-Injection vulnerability in Toenda Software Development Toendacms 0.6.2.1 SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-12-19 | CVE-2005-4342 | Macromedia | Multiple vulnerability in Macromedia Coldfusion 6.0/6.1/7.0 ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." | 7.5 |
2005-12-19 | CVE-2005-4337 | Blackboard | Security Bypass vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. | 7.5 |
2005-12-23 | CVE-2005-4505 | Mcafee | Local Privilege Escalation vulnerability in McAfee VirusScan Path Specification Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. | 7.2 |
2005-12-21 | CVE-2005-4443 | Gauche | Packages Insecure RUNPATH vulnerability in Gentoo Linux Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | 7.2 |
2005-12-21 | CVE-2005-4442 | Openldap | Packages Insecure RUNPATH vulnerability in Gentoo Linux Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | 7.2 |
2005-12-19 | CVE-2005-4345 | Macromedia | Multiple vulnerability in Macromedia Coldfusion 7.0 Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. | 7.2 |
106 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-22 | CVE-2005-4493 | Speartek | Cross-Site Scripting vulnerability in Speartek 6.0 Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 6.8 |
2005-12-22 | CVE-2005-4482 | Iatek | Cross-Site Scripting vulnerability in Iatek Portalapp 3.3 Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. | 6.8 |
2005-12-22 | CVE-2005-4480 | Plexcor | Cross-Site Scripting vulnerability in Plexcor CMS 4.0 Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 6.8 |
2005-12-22 | CVE-2005-4477 | Papaya | Cross-Site Scripting vulnerability in Papaya CMS Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter. | 6.8 |
2005-12-22 | CVE-2005-4476 | Openedit INC | Cross-Site Scripting vulnerability in OpenEdit Results.HTML Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters. | 6.8 |
2005-12-22 | CVE-2005-4475 | Alkacon | Cross-Site Scripting vulnerability in OpenCMS Search Module Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 6.8 |
2005-12-20 | CVE-2005-4424 | Phpkit | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. | 6.5 |
2005-12-20 | CVE-2005-4423 | Phpfm | Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell." | 6.5 |
2005-12-20 | CVE-2005-4422 | Toenda Software Development | Remote File Upload vulnerability in Toenda Software Development Toendacms 0.6.1 Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums. | 6.5 |
2005-12-20 | CVE-2005-4402 | Mailenable | Remote Security vulnerability in MailEnable Enterprise Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command. | 6.5 |
2005-12-20 | CVE-2005-4417 | Anycom Belkin Widcomm | Remote Security vulnerability in Blue Usb-130-250 Software The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile. | 6.4 |
2005-12-20 | CVE-2005-4384 | Citysoft | Remote Security vulnerability in Citysoft Community Enterprise 4.X CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm. | 6.4 |
2005-12-20 | CVE-2005-4366 | FAD Solutions | SQL Injection vulnerability in FAD Solutions Drzes HMS 3.2 Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. | 6.4 |
2005-12-20 | CVE-2005-4359 | Oodie | SQL-Injection vulnerability in Oodie Odfaq 1.21B/2.1.0 SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php. | 6.4 |
2005-12-20 | CVE-2005-4367 | FAD Solutions | Cross-Site Scripting vulnerability in FAD Solutions Drzes HMS 3.2 Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. | 5.8 |
2005-12-20 | CVE-2005-4364 | HOT Banana | Cross-Site Scripting vulnerability in HOT Banana web Content Management Suite 5.3 Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | 5.8 |
2005-12-20 | CVE-2005-4363 | Komodo | Input Validation vulnerability in Komodo CMS 2.1 Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 5.8 |
2005-12-22 | CVE-2005-4474 | Rarlab | Buffer Overflow vulnerability in Rarlab Winrar 3.51 Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. | 5.1 |
2005-12-21 | CVE-2005-4460 | Beehive Forum | HTML Injection vulnerability in Beehive Forum Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php. | 5.1 |
2005-12-21 | CVE-2005-4445 | David Harris | Remote Code Execution vulnerability in Pegasus Mail Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | 5.1 |
2005-12-21 | CVE-2005-4444 | David Harris | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in David Harris Pegasus Mail Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply. | 5.1 |
2005-12-23 | CVE-2005-4510 | Extensis | Directory Traversal vulnerability in Extensis Netpublish Server 7.0 Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. | 5.0 |
2005-12-23 | CVE-2005-4508 | Nexus Concepts | Remote Security vulnerability in Dev Hound Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file. | 5.0 |
2005-12-22 | CVE-2005-3537 | Phpbb Group | Multiple Unspecified vulnerability in PHPBB A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | 5.0 |
2005-12-22 | CVE-2005-4503 | NET Square | Multiple vulnerability in Net-Square Httprint 202 httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of service (crash) via a long Server field in an HTTP response. | 5.0 |
2005-12-22 | CVE-2005-4473 | Macromedia | Multiple vulnerability in Macromedia JRun Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL." | 5.0 |
2005-12-22 | CVE-2005-4471 | Avaya | Remote Denial of Service vulnerability in Avaya Modular Messaging Message Storage Server 1.1/2.0 POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | 5.0 |
2005-12-22 | CVE-2005-4467 | Phpgedview | Remote Script Code Execution vulnerability in PHPGedView Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. | 5.0 |
2005-12-21 | CVE-2005-4463 | Wordpress | Information Disclosure vulnerability in WordPress WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. | 5.0 |
2005-12-21 | CVE-2005-4455 | Livejournal | Remote Security vulnerability in LiveJournal cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. | 5.0 |
2005-12-21 | CVE-2005-4452 | Information Call Center | Information Disclosure vulnerability in Information Call Center Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. | 5.0 |
2005-12-21 | CVE-2005-3657 | Mcafee | Unspecified vulnerability in Mcafee Mcinsctl.Dll and Virusscan Security Center The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object. | 5.0 |
2005-12-21 | CVE-2005-4441 | Pvlan Protocol | Security Bypass vulnerability in Pvlan Protocol The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c. | 5.0 |
2005-12-21 | CVE-2005-4440 | Vlan Protocol | Security Bypass vulnerability in Vlan Protocol Vlan Protocol 802.1Q The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack." | 5.0 |
2005-12-20 | CVE-2005-4405 | Random Mouse Software | Remote Security vulnerability in Red Queen redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supplier_id, and (4) module parameters, which leaks the path in an error message. | 5.0 |
2005-12-20 | CVE-2005-4389 | Contens | Remote Security vulnerability in Contens 2.5/3.0 search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters. | 5.0 |
2005-12-20 | CVE-2005-4376 | BOX UK | Denial-Of-Service vulnerability in BOX UK Amaxus 3 Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter. | 5.0 |
2005-12-20 | CVE-2005-4373 | Liquid Bytes Technologies | Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | 5.0 |
2005-12-20 | CVE-2005-4371 | Acidcat | Input Validation vulnerability in Acidcat CMS Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb. | 5.0 |
2005-12-20 | CVE-2005-4368 | Roundcube | Information Exposure vulnerability in Roundcube Webmail roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | 5.0 |
2005-12-20 | CVE-2005-4362 | Komodo | Input Validation vulnerability in Komodo CMS 2.1 SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 5.0 |
2005-12-20 | CVE-2005-4358 | Phpbb Group | Remote Security vulnerability in PHPbb Group PHPbb 2.0.18 admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | 5.0 |
2005-12-19 | CVE-2005-4346 | Anthony Boyd | SQL-Injection vulnerability in Phpbb Blog Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. | 5.0 |
2005-12-19 | CVE-2005-4343 | Macromedia | Multiple vulnerability in Macromedia Coldfusion 6.0/6.1/7.0 Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability". | 5.0 |
2005-12-19 | CVE-2005-4341 | Blackboard | Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. | 5.0 |
2005-12-22 | CVE-2005-3660 | Linux | Local Socket Buffer Memory Exhaustion Denial of Service vulnerability in Linux Kernel Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference. | 4.9 |
2005-12-23 | CVE-2005-4511 | Curtis Hawthorne | Denial-Of-Service vulnerability in Curtis Hawthorne Tn3270 Resource Gateway 1.0.0/1.0.1/1.1.0 Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls. | 4.6 |
2005-12-23 | CVE-2005-4506 | Nexus Concepts | Multiple vulnerability in Nexus Concepts Dev Hound Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges. | 4.6 |
2005-12-22 | CVE-2005-3631 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords. | 4.6 |
2005-12-23 | CVE-2005-4513 | Wandsoft | Cross-Site Scripting vulnerability in WandSoft E-Search Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter. | 4.3 |
2005-12-23 | CVE-2005-4512 | Waxtrapp | Cross-Site Scripting vulnerability in WaxTrapp Search Module Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 4.3 |
2005-12-23 | CVE-2005-4507 | Nexus Concepts | Multiple vulnerability in Nexus Concepts Dev Hound Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields. | 4.3 |
2005-12-22 | CVE-2005-4502 | NET Square | Multiple vulnerability in Net-Square Httprint 202 Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to the user. | 4.3 |
2005-12-22 | CVE-2005-4501 | Mediawiki | Unspecified vulnerability in Mediawiki MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. | 4.3 |
2005-12-22 | CVE-2005-4498 | Text E | Cross-Site Scripting vulnerability in Text-E CMS 1.6.4 Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 4.3 |
2005-12-22 | CVE-2005-4497 | Tangora | Cross-Site Scripting vulnerability in Tangora Portal CMS Action Parameter Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx. | 4.3 |
2005-12-22 | CVE-2005-4496 | Forum ONE | Cross-Site Scripting vulnerability in SyntaxCMS Search Query Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | 4.3 |
2005-12-22 | CVE-2005-4492 | Starphire Technologies | Cross-SIte Scripting vulnerability in Starphire Technologies SiteSage Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter. | 4.3 |
2005-12-22 | CVE-2005-4491 | Sitekit Solutions | Cross-Site Scripting vulnerability in Sitekit Solutions Sitekit CMS Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. | 4.3 |
2005-12-22 | CVE-2005-4490 | Commercial Interactive Media | Cross-Site Scripting vulnerability in Commercial Interactive Media SCOOP! Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp. | 4.3 |
2005-12-22 | CVE-2005-4489 | Scoop | Cross-Site Scripting vulnerability in Scoop Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story. | 4.3 |
2005-12-22 | CVE-2005-4488 | Computeroil | Cross-Site Scripting vulnerability in ComputerOil Redakto CMS Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters. | 4.3 |
2005-12-22 | CVE-2005-4487 | Ramsite | Cross-Site Scripting vulnerability in RAMSite R1 CMS Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter. | 4.3 |
2005-12-22 | CVE-2005-4485 | Iatek | Cross-Site Scripting vulnerability in Iatek Projectapp Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp. | 4.3 |
2005-12-22 | CVE-2005-4484 | Iatek | Cross-Site Scripting vulnerability in IntranetApp Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp. | 4.3 |
2005-12-22 | CVE-2005-4483 | Iatek | Cross-Site Scripting vulnerability in SiteEnable Login.ASP Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. | 4.3 |
2005-12-21 | CVE-2005-4454 | Livejournal | HTML Injection vulnerability in LiveJournal Cleanhtml.PL Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets. | 4.3 |
2005-12-21 | CVE-2005-4446 | Aspbite | Cross-Site Scripting vulnerability in Aspbite 8 Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. | 4.3 |
2005-12-21 | CVE-2005-4435 | Abledesign | Cross-Site Scripting vulnerability in Abledesign D-Man 3.0 Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. | 4.3 |
2005-12-21 | CVE-2005-4434 | Abledesign | Cross-Site Scripting vulnerability in Abledesign 2.0 Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-12-21 | CVE-2005-4433 | Esselbach Internet Solutions | Cross-Site Scripting vulnerability in Esselbach Internet Solutions Esselbach Storyteller CMS 1.8 Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field. | 4.3 |
2005-12-21 | CVE-2005-4432 | Playsms | Cross-Site Scripting vulnerability in Playsms 0.8 Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter. | 4.3 |
2005-12-20 | CVE-2005-4428 | Cerberus | Input Validation vulnerability in Cerberus Helpdesk 2.649 Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. | 4.3 |
2005-12-20 | CVE-2005-4420 | Quicksquare Development | Input Validation vulnerability in Quicksquare Development Honeycomb Archive Enterprise 3.0 Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm. | 4.3 |
2005-12-20 | CVE-2005-4415 | TML | Input Validation vulnerability in TML 0.5 Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. | 4.3 |
2005-12-20 | CVE-2005-4413 | IBM | HTML Injection vulnerability in IBM Websphere Application Server 6.0 Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1. | 4.3 |
2005-12-20 | CVE-2005-4410 | Nqcontent | Cross-Site Scripting vulnerability in Nqcontent V3 Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter. | 4.3 |
2005-12-20 | CVE-2005-4409 | Mmbase | Cross-Site Scripting vulnerability in MMBase Search Module Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 4.3 |
2005-12-20 | CVE-2005-4407 | TMC Visionpool | Cross-Site Scripting vulnerability in Mercury Cms Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters. | 4.3 |
2005-12-20 | CVE-2005-4401 | Lutece | Cross-Site Scripting vulnerability in Lutece Search Module Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the query parameter. | 4.3 |
2005-12-20 | CVE-2005-4400 | Liferay | Cross-Site Scripting vulnerability in Liferay Portal Enterprise Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. | 4.3 |
2005-12-20 | CVE-2005-4399 | Libertas Solutions | Cross-Site Scripting vulnerability in Libertas Enterprise CMS Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter. | 4.3 |
2005-12-20 | CVE-2005-4396 | Icms Content Management Systems | Cross-Site Scripting vulnerability in Icms Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. | 4.3 |
2005-12-20 | CVE-2005-4395 | Farcry | Cross-Site Scripting vulnerability in FarCry Search Module Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter. | 4.3 |
2005-12-20 | CVE-2005-4394 | Formicary LTD | Cross-Site Scripting vulnerability in EPiX Search Module Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters. | 4.3 |
2005-12-20 | CVE-2005-4393 | E Publish | Input Validation vulnerability in E-Publish Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters. | 4.3 |
2005-12-20 | CVE-2005-4391 | Mindroute Software | Cross-Site Scripting vulnerability in Retired: Mindroute Lemoon/Damoon Search Module Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. | 4.3 |
2005-12-20 | CVE-2005-4388 | Contens | Cross-Site Scripting vulnerability in CONTENS Near Parameter Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the near parameter. | 4.3 |
2005-12-20 | CVE-2005-4387 | Contenite | Cross-Site Scripting vulnerability in Contenite 0.11 Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2005-12-20 | CVE-2005-4386 | Colony | Cross-Site Scripting vulnerability in Colony products Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | 4.3 |
2005-12-20 | CVE-2005-4385 | Cofax | Cross-Site Scripting vulnerability in Cofax Search.HTM Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | 4.3 |
2005-12-20 | CVE-2005-4383 | Citysoft | Cross-Site Scripting vulnerability in Citysoft Community Enterprise 4.X Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters. | 4.3 |
2005-12-20 | CVE-2005-4381 | Caravel CMS | Cross-Site Scripting vulnerability in Caravel CMS Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters. | 4.3 |
2005-12-20 | CVE-2005-4379 | Bitweaver | Cross-Site Scripting vulnerability in Bitweaver Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php. | 4.3 |
2005-12-20 | CVE-2005-4377 | NMA | Cross-Site Scripting vulnerability in Baseline Cms Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters. | 4.3 |
2005-12-20 | CVE-2005-4375 | BOX UK | Cross-Site Scripting vulnerability in Box UK Amaxus CMS Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. | 4.3 |
2005-12-20 | CVE-2005-4374 | Allinta | Cross-Site Scripting vulnerability in Allinta CMS Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp. | 4.3 |
2005-12-20 | CVE-2005-4372 | Liquid Bytes Technologies | Cross-Site Scripting vulnerability in Adaptive Website Framework Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2005-12-20 | CVE-2005-4369 | THE Collective | Cross-Site Scripting vulnerability in the Collective Acuity CMS 2.6.2 Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp. | 4.3 |
2005-12-20 | CVE-2005-4365 | Flip | Cross-Site Scripting vulnerability in Flip 0.9.0.1029 Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php. | 4.3 |
2005-12-20 | CVE-2005-4361 | Magnolia | Cross-Site Scripting vulnerability in Magnolia Content Management Suite 2.1 Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2005-12-20 | CVE-2005-4355 | Xmpie | Cross-Site Scripting vulnerability in Ustore Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. | 4.3 |
2005-12-20 | CVE-2005-4354 | University OF Arizona | Cross-Site Scripting vulnerability in Webglimpse Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2005-12-19 | CVE-2005-4339 | Blackboard | Cross-Site Scripting vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page. | 4.3 |
2005-12-21 | CVE-2005-4449 | Flatnuke | Remote Security vulnerability in Flatnuke 2.5.6 verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. | 4.0 |
2005-12-20 | CVE-2005-4426 | Yabb | HTML Injection vulnerability in YaBB Image Upload Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-22 | CVE-2005-4494 | Spip | Cross-Site Scripting vulnerability in Spip 1.8.2 Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3. | 2.6 |
2005-12-20 | CVE-2005-4357 | Phpbb Group | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.18 Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover. | 2.6 |
2005-12-20 | CVE-2005-4412 | Citrix | Local Security vulnerability in Citrix Program Neighborhood Client 9.1 Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field. | 2.1 |
2005-12-19 | CVE-2005-4344 | Macromedia | Multiple vulnerability in Macromedia Coldfusion 7.0 Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. | 2.1 |