Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2005-06-22 CVE-2005-2046 SQL-Injection vulnerability in Duamazon PRO 3.0/3.1
Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.
network, low complexity, duware, 7.5

2005-06-22 CVE-2005-2045 SQL-Injection vulnerability in Duware Duportal PRO 3.4.3
Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp.
network, low complexity, duware, 7.5

2005-06-22 CVE-2005-1526 Remote File Include vulnerability in RaXnet Cacti Config_Settings.PHP
PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.
network, low complexity, the-cacti-group, 7.5

2005-06-22 CVE-2005-1525 SQL Injection vulnerability in RaXnet Cacti
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, low complexity, the-cacti-group, 7.5

2005-06-22 CVE-2005-1524 Unspecified vulnerability in the Cacti Group Cacti
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.
network, low complexity, the-cacti-group, 5.0

2005-06-22 CVE-2005-1250 Unspecified vulnerability in Ipswitch WhatsUp Professional 2005 SP1
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
network, low complexity, ipswitch, 7.5

2005-06-21 CVE-2005-2037 SQL-Injection vulnerability in Fortibus CMS
Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page.
network, low complexity, fortibus, 7.5

2005-06-21 CVE-2005-2028 Remote SQL Injection vulnerability in Mercuryboard Message Board 1.1.4
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
network, low complexity, mercuryboard, 7.5

2005-06-20 CVE-2005-2040 Unspecified vulnerability in Telnetd
Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.
network, low complexity, telnetd, 5.0

2005-06-20 CVE-2005-2038 Remote Security vulnerability in Fortibus CMS 4.0.0
Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.
network, low complexity, fortibus, 5.0