268001
|
- |
|
efiction_project
|
efiction
|
Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the …
|
NVD-CWE-Other
|
CVE-2005-4168
|
2008-09-6 05:56 |
2005-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268002
|
- |
|
efiction_project
|
efiction
|
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .ph…
|
NVD-CWE-Other
|
CVE-2005-4171
|
2008-09-6 05:56 |
2005-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268003
|
- |
|
efiction_project
|
efiction
|
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error m…
|
NVD-CWE-Other
|
CVE-2005-4172
|
2008-09-6 05:56 |
2005-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268004
|
- |
|
efiction_project
|
efiction
|
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
|
NVD-CWE-Other
|
CVE-2005-4173
|
2008-09-6 05:56 |
2005-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268005
|
- |
|
-
|
-
|
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear…
|
NVD-CWE-Other
|
CVE-2005-4174
|
2008-09-6 05:56 |
2005-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268006
|
- |
|
logisphere
|
logisphere
|
Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original rese…
|
NVD-CWE-Other
|
CVE-2005-4204
|
2008-09-6 05:56 |
2005-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268007
|
- |
|
asp-dev
|
xm_forum
|
Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of th…
|
NVD-CWE-Other
|
CVE-2005-4256
|
2008-09-6 05:56 |
2005-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268008
|
- |
|
linksys
|
befw11s4 befw11s4_v3 befw11s4_v4 wrt54gs
|
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LA…
|
NVD-CWE-Other
|
CVE-2005-4257
|
2008-09-6 05:56 |
2005-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268009
|
- |
|
alt-n
|
mdaemon worldclient
|
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to pe…
|
NVD-CWE-Other
|
CVE-2005-4266
|
2008-09-6 05:56 |
2005-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268010
|
- |
|
microsoft
|
ie windows_2003_server windows_xp
|
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at…
|
NVD-CWE-Other
|
CVE-2005-4269
|
2008-09-6 05:56 |
2005-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|