Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-06 | CVE-2005-2494 | Local Privilege Escalation vulnerability in KDE kcheckpass kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. | 7.2 |
2005-09-06 | CVE-2005-2801 | Incorrect Comparison vulnerability in Linux Kernel 2.6.0 xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied. | 7.5 |
2005-09-02 | CVE-2005-2793 | Command Injection vulnerability in PHPldapadmin Project PHPldapadmin 0.9.6/0.9.7 PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. | 7.5 |
2005-09-02 | CVE-2005-2790 | Remote vulnerability in BFCommand & Control Server Manager BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. | 7.5 |
2005-09-02 | CVE-2005-2789 | Remote vulnerability in BFCommand & Control Server Manager BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username. | 7.5 |
2005-09-02 | CVE-2005-2788 | SQL Injection vulnerability in Land Down Under Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php. | 7.5 |
2005-09-02 | CVE-2005-2784 | SQL Injection vulnerability in Cosmoshop 8.10.78 SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors. | 7.5 |
2005-09-02 | CVE-2005-2782 | Remote File Include vulnerability in Autolinks 2.1 PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs. | 7.5 |
2005-09-02 | CVE-2005-2781 | Unspecified vulnerability in Ilia Alshanetsky Fudforum The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code. | 7.5 |
2005-09-02 | CVE-2005-2778 | SQL Injection vulnerability in MyBB Member.PHP SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter. | 7.5 |