Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-14 | CVE-2005-4230 | Input Validation vulnerability in Link Up Gold SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | 7.5 |
2005-12-14 | CVE-2005-4228 | SQL Injection vulnerability in PHPwebgallery Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. | 7.5 |
2005-12-14 | CVE-2005-4227 | Input Validation vulnerability in DCP-Portal Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. | 7.5 |
2005-12-14 | CVE-2005-4226 | SQL-Injection vulnerability in PhpWebThings Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. | 7.5 |
2005-12-14 | CVE-2005-4225 | SQL-Injection vulnerability in Mywebland Mybloggie 2.1.3Beta Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. | 7.5 |
2005-12-14 | CVE-2005-4224 | SQL-Injection vulnerability in E107 0.7 Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. | 7.5 |
2005-12-14 | CVE-2005-4223 | SQL-Injection vulnerability in Utopia Software Utopia News PRO 1.1.4 Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | 7.5 |
2005-12-14 | CVE-2005-4221 | SQL Injection vulnerability in Arab Portal Arab Portal 2Beta2 SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string). | 7.5 |
2005-12-14 | CVE-2005-4220 | Buffer Errors vulnerability in Netgear Rp114 3.26 Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap. | 7.8 |
2005-12-14 | CVE-2005-4218 | SQL Injection vulnerability in PHPwebthings 1.4 SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. | 7.5 |