Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor | Risk |
|---|---|---|---|---|---|---|---|
| 2005-09-14 | CVE-2005-2902 | SQL Injection vulnerability in Class-1 Forum | SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file. | network | low complexity | class-1 | 7.5 |
| 2005-09-14 | CVE-2005-2896 | SQL Injection vulnerability in Stylemotion web News 1.4 | SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php. | network | low complexity | stylemotion | 7.5 |
| 2005-09-14 | CVE-2005-2893 | Remote Security vulnerability in Pblang 4.65 | Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login. | network | low complexity | pblang | 7.5 |
| 2005-09-14 | CVE-2005-2889 | Security Bypass vulnerability in Checkpoint Connectra NGX R60 | Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions. | network | low complexity | checkpoint | 7.5 |
| 2005-09-14 | CVE-2005-2888 | SQL-Injection vulnerability in MyBB | Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php. | network | low complexity | mybulletinboard | 7.5 |
| 2005-09-14 | CVE-2005-2885 | Remote File Upload vulnerability in Maxdev Md-Pro 1.0.73 | The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | network | low complexity | maxdev | 7.5 |
| 2005-09-14 | CVE-2005-2881 | Security Bypass vulnerability in PHPcommunitycalendar 4.0.3 | phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. | network | low complexity | phpcommunitycalendar | 7.5 |
| 2005-09-14 | CVE-2005-2880 | SQL Injection vulnerability in PHPcommunitycalendar 4.0/4.0.1/4.0.3 | Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php. | network | low complexity | phpcommunitycalendar | 7.5 |
| 2005-09-13 | CVE-2005-2878 | Remote Format String vulnerability in GNU Mailutils 0.6 | Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. | network | low complexity | gnu | 7.5 |
| 2005-09-13 | CVE-2005-2876 | Unspecified vulnerability in Andries Brouwer Util-Linux | umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. | local | low complexity | andries-brouwer | 7.2 |