Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-06 | CVE-2005-4037 | SQL Injection vulnerability in Web4Future Affiliate Manager PRO Functions.PHP SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
| 2005-12-06 | CVE-2005-4035 | SQL Injection vulnerability in Web4Future eCommerce Enterprise Edition Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php. | 7.5 |
| 2005-12-06 | CVE-2005-4034 | SQL Injection vulnerability in Web4Future Edating Professional 5 Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php. | 7.5 |
| 2005-12-06 | CVE-2005-4031 | Remote Code Execution vulnerability in MediaWiki User Language Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. | 7.5 |
| 2005-12-05 | CVE-2005-4027 | SQL Injection vulnerability in Simplemedia Simplebbs 1.1 SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | 7.5 |
| 2005-12-05 | CVE-2005-4025 | Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. | 7.5 |
| 2005-12-05 | CVE-2005-4020 | SQL-Injection vulnerability in Widget Imprint SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | 7.5 |
| 2005-12-05 | CVE-2005-4019 | SQL Injection vulnerability in Relative Real Estate Systems SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. | 7.5 |
| 2005-12-05 | CVE-2005-4018 | SQL Injection vulnerability in SAMEDIA Landshop SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters. | 7.5 |
| 2005-12-05 | CVE-2005-4016 | SQL Injection vulnerability in Widget Press Widget Property 1.1.19 SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | 7.5 |