Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-26 | CVE-2005-3815 | SQL Injection vulnerability in Orca Forum Forum.PHP SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | 7.5 |
| 2005-11-25 | CVE-2005-3810 | Denial-Of-Service vulnerability in kernel ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference. | 7.8 |
| 2005-11-25 | CVE-2005-3809 | Denial-Of-Service vulnerability in kernel The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference. | 7.8 |
| 2005-11-24 | CVE-2005-3803 | Use of Hard-coded Credentials vulnerability in Cisco Unified Wireless IP Phone 7920 Firmware 1.0(8) Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2005-11-24 | CVE-2005-3798 | Unspecified vulnerability in Alstrasoft Template Seller 3.25 SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field. | 7.5 |
| 2005-11-24 | CVE-2005-3797 | Remote File Include vulnerability in Alstrasoft Template Seller 3.25 PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. | 7.5 |
| 2005-11-24 | CVE-2005-3796 | Remote Security vulnerability in Alstrasoft Affiliate Network PRO 7.2 Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. | 7.5 |
| 2005-11-24 | CVE-2005-3793 | SQL-Injection vulnerability in Alstrasoft Affiliate Network PRO 7.2 Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. | 7.5 |
| 2005-11-24 | CVE-2005-3792 | SQL Injection vulnerability in PHPNuke Search Module Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. | 7.5 |
| 2005-11-23 | CVE-2005-3780 | Remote Buffer Overflow vulnerability in IPUpdate Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records. | 7.5 |