Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-05 | CVE-2005-4014 | Denial-Of-Service vulnerability in PHP web Statistik 1.4 stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. | 7.8 |
| 2005-12-05 | CVE-2005-4011 | SQL Injection vulnerability in Codewalkers Ltwcalendar SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-12-05 | CVE-2005-4010 | SQL Injection vulnerability in KBase Express SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php. | 7.5 |
| 2005-12-05 | CVE-2005-4009 | SQL-Injection vulnerability in PHP Lite Calendar Express 2.0/2.2 Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | 7.5 |
| 2005-12-05 | CVE-2005-4008 | SQL Injection vulnerability in JAX Calendar JAX Calendar 1.34 SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | 7.5 |
| 2005-12-05 | CVE-2005-4005 | SQL Injection vulnerability in PHP Fusion PHP Fusion 6.00.109 SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. | 7.5 |
| 2005-12-05 | CVE-2005-4003 | Cross-Site Scripting vulnerability in Absolute Shopping Package Solutions Shopping Cart 2.1/2.9D Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. | 7.5 |
| 2005-12-05 | CVE-2005-4001 | SQL Injection vulnerability in PHPYellowTM Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. | 7.5 |
| 2005-12-05 | CVE-2005-3993 | Denial-Of-Service vulnerability in MailEnable Enterprise Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | 7.8 |
| 2005-12-04 | CVE-2005-3992 | Remote Buffer Overflow vulnerability in Wineggdropshell 1.7 Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. | 7.5 |