Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-17 | CVE-2005-4316 | Denial Of Service vulnerability in Multiple Vendor TCP Packet Fragmentation Handling HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. | 7.8 |
| 2005-12-17 | CVE-2005-4315 | SQL Injection vulnerability in Nicplex Plexcart X3 SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl. | 7.5 |
| 2005-12-17 | CVE-2005-4313 | SQL Injection vulnerability in Almondsoft Almond Personals 4.05 SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-12-17 | CVE-2005-4312 | SQL Injection vulnerability in AlmondSoft Almond Classifieds SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-12-17 | CVE-2005-4310 | Authentication Authorization Bypass vulnerability in SSH Tectia Server 5.0.0A/5.0.0F/5.0.0T SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials. | 7.5 |
| 2005-12-17 | CVE-2005-4309 | SQL Injection vulnerability in EZUpload SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | 7.5 |
| 2005-12-17 | CVE-2005-4308 | Remote File Include vulnerability in EZUpload index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter. | 7.5 |
| 2005-12-17 | CVE-2005-4303 | Input Validation vulnerability in EZDatabase SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter. | 7.5 |
| 2005-12-16 | CVE-2005-4300 | Remote Format String vulnerability in Libremail Pop.c Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response. | 7.5 |
| 2005-12-16 | CVE-2005-3652 | Buffer Overflow vulnerability in Citrix ICA Program Neighborhood Client 9.1 Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response. | 7.5 |