Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-26 | CVE-2005-3829 | SQL-Injection vulnerability in Activecampaign Knowledgebuilder 2.4 index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed. | 7.8 |
2005-11-26 | CVE-2005-3828 | SQL-Injection vulnerability in Activecampaign Knowledgebuilder 2.4 SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | 7.5 |
2005-11-26 | CVE-2005-3827 | SQL Injection vulnerability in AgileBill Product_Cat SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-11-26 | CVE-2005-3826 | SQL Injection vulnerability in EZY Helpdesk Ezyhelpdesk 1.0 Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter. | 7.5 |
2005-11-26 | CVE-2005-3825 | SQL Injection vulnerability in Comdev Vote Caster SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action. | 7.5 |
2005-11-26 | CVE-2005-3823 | Input Validation vulnerability in VTiger CRM The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. | 7.5 |
2005-11-26 | CVE-2005-3822 | Input Validation vulnerability in VTiger CRM Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. | 7.5 |
2005-11-26 | CVE-2005-3819 | Input Validation vulnerability in VTiger CRM Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. | 7.5 |
2005-11-26 | CVE-2005-3817 | SQL Injection vulnerability in Softbiz web Hosting Directory Script Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. | 7.5 |
2005-11-26 | CVE-2005-3816 | SQL Injection vulnerability in FreeForum Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode. | 7.5 |