Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-28 | CVE-2005-4519 | Unspecified vulnerability in Mantis: Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php. | 7.5 |
2005-12-28 | CVE-2005-4518 | Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. | 7.5 |
2005-12-28 | CVE-2005-4517 | SQL-Injection vulnerability in PHP Fusion: SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php. | 7.5 |
2005-12-27 | CVE-2005-3535 | Unspecified vulnerability in Ketm 0.0.6: Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors. | 7.5 |
2005-12-23 | CVE-2005-4509 | SQL Injection vulnerability in pTools Index.ASP: SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. | 7.5 |
2005-12-23 | CVE-2005-4505 | Local Privilege Escalation vulnerability in McAfee VirusScan Path Specification: Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. | 7.2 |
2005-12-22 | CVE-2005-4504 | Remote Denial of Service vulnerability in Apple Mac OS X KHTMLParser: The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. | 7.8 |
2005-12-22 | CVE-2005-3536 | Multiple Unspecified vulnerability in PHPBB: SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | 7.5 |
2005-12-22 | CVE-2005-4500 | SQL Injection vulnerability in Musicbox 2.3: SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. | 7.5 |
2005-12-22 | CVE-2005-3534 | Buffer Errors vulnerability in Wouter Verhelst NBD 2.7.5/2.8.0/2.8.2: Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header. | 7.5 |