Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-19 | CVE-2005-4337 | Security Bypass vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. | 7.5 |
2005-12-17 | CVE-2005-4335 | Denial-Of-Service vulnerability in Projectforum ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html. | 7.8 |
2005-12-17 | CVE-2005-4334 | SQL Injection vulnerability in John Andersson Zixforum 1.12 SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | 7.5 |
2005-12-17 | CVE-2005-4331 | SQL Injection vulnerability in Ihtml Merchant Ihtml Merchant 2Pro SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters. | 7.5 |
2005-12-17 | CVE-2005-4330 | SQL Injection vulnerability in IHTML Merchant Mall SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters. | 7.5 |
2005-12-17 | CVE-2005-4329 | SQL Injection vulnerability in PHP Arena PAFileDB Extreme Edition SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter. | 7.5 |
2005-12-17 | CVE-2005-4324 | Unspecified vulnerability in Hitachi Groupmax Mail Smtp 0650/0700 Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format." | 7.8 |
2005-12-17 | CVE-2005-4323 | Unspecified vulnerability in Hitachi products Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component. | 7.8 |
2005-12-17 | CVE-2005-4321 | Unspecified vulnerability in Apani Networks Epiforce Agent The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-12-17 | CVE-2005-4318 | SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable. | 7.5 |