Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-21 | CVE-2005-2662 | Local Privilege Escalation vulnerability in MasqMail: masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message. | 7.5 |
2005-09-20 | CVE-2005-2920 | Buffer Overflow vulnerability in ClamAV UPX Compressed Executable: Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable. | 7.5 |
2005-09-20 | CVE-2005-2998 | Remote Security vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.30: PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files. | 7.5 |
2005-09-20 | CVE-2005-2996 | Unspecified vulnerability in Symantec Veritas Storage Exec and Storagecentral: Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls. | 7.5 |
2005-09-20 | CVE-2005-2968 | Unspecified vulnerability in Mozilla Firefox and Mozilla: Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | 7.5 |
2005-09-20 | CVE-2005-2989 | SQL Injection vulnerability in Deluxebb 1.0/1.05: Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php. | 7.5 |
2005-09-20 | CVE-2005-2987 | SQL Injection vulnerability in Digital Scribe Digital Scribe 1.4: SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2005-09-20 | CVE-2005-2986 | SQL Injection vulnerability in Ahnlab V3 Virusblock 2005, V3Net and V3Pro 2004: The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges. | 7.5 |
2005-09-20 | CVE-2005-2985 | SQL Injection vulnerability in AEwebworks Aedating 3.2/4.0: SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter. | 7.5 |
2005-09-20 | CVE-2005-2983 | SQL Injection vulnerability in Oracle Reports 1.00: SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | 7.5 |