Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-03 | CVE-2005-3969 | Input Validation vulnerability in MXChange SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2005-12-02 | CVE-2005-3964 | Buffer Overflow vulnerability in Integrated Computer Solutions Openmotif 2.2.3 Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c. | 7.5 |
| 2005-12-02 | CVE-2005-3963 | SQL Injection vulnerability in Dotclear 1.2.1/1.2.2 SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie. | 7.5 |
| 2005-12-01 | CVE-2005-3960 | Remote Denial of Service vulnerability in Kadu Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. | 7.8 |
| 2005-12-01 | CVE-2005-3958 | SQL Injection vulnerability in Entergal MX Entergal MX 2.0 SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter. | 7.5 |
| 2005-12-01 | CVE-2005-3956 | SQL Injection vulnerability in Dmanews 0.904/0.91 Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action. | 7.5 |
| 2005-12-01 | CVE-2005-3953 | SQL Injection vulnerability in Bedeng PSP Bedeng PSP 1.1 SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. | 7.5 |
| 2005-12-01 | CVE-2005-3952 | SQL Injection vulnerability in PHP Labs TOP Auction 1.0 SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. | 7.5 |
| 2005-12-01 | CVE-2005-3951 | SQL-Injection vulnerability in Survey Wizard SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
| 2005-12-01 | CVE-2005-3949 | SQL Injection vulnerability in Webcalendar 1.0.1 Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | 7.5 |