Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-27 | CVE-2005-3335 | Unspecified vulnerability in Mantis 0.19.2/1.0.0Rc2 PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. | 7.5 |
| 2005-10-27 | CVE-2005-3333 | SQL Injection vulnerability in Ebase Ebaseweb 3.0 SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
| 2005-10-27 | CVE-2005-3332 | Remote File Include vulnerability in Belchior Foundry Vcard 2.9 PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter. | 7.5 |
| 2005-10-27 | CVE-2005-3330 | Improper Input Validation vulnerability in Snoopy 1.2 The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function. | 7.5 |
| 2005-10-27 | CVE-2005-3328 | Unspecified vulnerability in Punbb PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | 7.5 |
| 2005-10-27 | CVE-2005-3327 | Authentication Bypass vulnerability in Network Appliance iSCSI Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity. | 7.5 |
| 2005-10-27 | CVE-2005-3326 | SQL Injection vulnerability in MyBulletinBoard Usercp.PHP SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. | 7.5 |
| 2005-10-27 | CVE-2005-3325 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. | 7.5 |
| 2005-10-27 | CVE-2005-3324 | SQL Injection vulnerability in Appindex Mwchat 6.8 SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
| 2005-10-27 | CVE-2005-3323 | docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | 7.5 |