Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-12-20 CVE-2005-4382 SQL Injection vulnerability in CitySoft Community Enterprise
SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.
network
low complexity
citysoft CWE-89
7.5
2005-12-20 CVE-2005-4380 SQL Injection vulnerability in Bitweaver 1.1/1.1.1 Beta
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
network
low complexity
bitweaver CWE-89
7.5
2005-12-20 CVE-2005-4378 Input Validation vulnerability in Baseline CMS
SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter.
network
low complexity
nma
7.5
2005-12-20 CVE-2005-4370 Input Validation vulnerability in Acidcat CMS
SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp.
network
low complexity
acidcat
7.5
2005-12-20 CVE-2005-4360 Unchecked Return Value vulnerability in Microsoft Internet Information Services 5.1
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0".
network
low complexity
microsoft CWE-252
7.8
2005-12-20 CVE-2005-4356 SQL Injection vulnerability in UStore
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
network
low complexity
xmpie
7.5
2005-12-20 CVE-2005-4353 SQL Injection vulnerability in Toenda Software Development toendaCMS 0.6.2.1
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
toenda-software-development
7.5
2005-12-20 CVE-2005-4350 Denial of Service vulnerability in Sun WBEM Services A.01.05.11/A.02.00.07
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.
network
low complexity
sun
7.8
2005-12-19 CVE-2005-4345 Multiple vulnerabilities in Macromedia ColdFusion 7.0
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
local
low complexity
macromedia
7.2
2005-12-19 CVE-2005-4342 Multiple vulnerabilities in Macromedia ColdFusion 6.0/6.1/7.0
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
network
low complexity
macromedia
7.5