Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-30 | CVE-2005-3386 | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3385 | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3384 | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3383 | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3369 | SQL Injection vulnerability in Woltlab Info-DB Info_db.PHP Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters. | 7.5 |
2005-10-30 | CVE-2005-3365 | SQL Injection vulnerability in Codeworx Technologies Dcp-Portal Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. | 7.5 |
2005-10-30 | CVE-2005-3364 | SQL Injection vulnerability in Platinum DBoardGear Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php. | 7.5 |
2005-10-30 | CVE-2005-3363 | Input Validation vulnerability in Saphp Saphplesson 1.1/2.0 SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php. | 7.5 |
2005-10-27 | CVE-2005-3339 | Remote vulnerability in Mantis Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors. | 7.2 |
2005-10-27 | CVE-2005-3336 | Remote vulnerability in Mantis 0.19.2/1.0.0Rc2 SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |