Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-11-30 CVE-2005-3925 SQL Injection vulnerability in Helpdesk Issue Manager
Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php.
network
low complexity
helpdesk-issue-manager
7.5
2005-11-30 CVE-2005-3922 Heap Overflow vulnerability in Panda Software Antivirus Library ZOO Archive
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
network
low complexity
panda
7.5
2005-11-30 CVE-2005-3920 SQL Injection vulnerability in Babe Logger Babe Logger 2
SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php.
network
low complexity
babe-logger
7.5
2005-11-30 CVE-2005-3917 SQL Injection vulnerability in CommodityRentals 2.0
SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
network
low complexity
commodityrentals
7.5
2005-11-30 CVE-2005-3916 SQL Injection vulnerability in WSN Forum WSN Forum 1.21
SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action.
network
low complexity
wsn-forum
7.5
2005-11-30 CVE-2005-3915 Denial Of Service vulnerability in Clavister Firewall and Clavister Security Gateway
The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
network
low complexity
clavister
7.5
2005-11-30 CVE-2005-3912
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.
network
low complexity
webmin debian
7.5
2005-11-30 CVE-2005-3911 SQL Injection vulnerability in Bosdev Bosdates 4.0
Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters.
network
low complexity
bosdev
7.5
2005-11-30 CVE-2005-3909 SQL Injection vulnerability in Post Affiliate Pro
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter.
network
low complexity
post-affiliate-pro
7.5
2005-11-30 CVE-2005-3907 Privilege Escalation vulnerability in SUN JDK and JRE
Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets.
network
low complexity
sun
7.5