Full List

Search

Recent Vulnerabilities

• CVE-2005-0658 • published on March 7, 2005 SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter.
• CVE-2005-0659 • published on March 7, 2005 phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
• CVE-2005-0680 • published on March 7, 2005 PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
• CVE-2005-0656 • published on March 7, 2005 Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php.
• CVE-2005-0660 • published on March 7, 2005 Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.
• CVE-2005-0663 • published on March 7, 2005 SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter.
• CVE-2005-0668 • published on March 7, 2005 Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files.
• CVE-2005-0669 • published on March 7, 2005 Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module.
• CVE-2005-0671 • published on March 7, 2005 Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command.
• CVE-2005-0676 • published on March 7, 2005 index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.
• CVE-2005-0681 • published on March 7, 2005 Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
• CVE-2005-0682 • published on March 7, 2005 Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.
• CVE-2005-0652 • published on March 7, 2005 Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.
• CVE-2005-0654 • published on March 7, 2005 gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero.
• CVE-2005-0655 • published on March 7, 2005 auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.
• CVE-2005-0661 • published on March 7, 2005 SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.
• CVE-2005-0670 • published on March 7, 2005 Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.
• CVE-2005-0672 • published on March 7, 2005 Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference.
• CVE-2005-0674 • published on March 7, 2005 Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
• CVE-2005-0679 • published on March 7, 2005 PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected.