Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-08-30 CVE-2005-2729 Unspecified vulnerability in Astaro Security Linux 6.001
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
network | low complexity | astaro | 7.5

2005-08-30 CVE-2005-2723 SQL Injection vulnerability in PHP Arena Pafiledb 3.1
SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie.
network | low complexity | php-arena | 7.5

2005-08-30 CVE-2005-2720 Remote Buffer Overflow vulnerability in HAURI Anti-Virus ACE Archive Handling
Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.
network | low complexity | hauri | 7.5

2005-08-29 CVE-2005-2718 Buffer Overflow vulnerability in MPlayer Audio Header
Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk.
network | low complexity | mplayer | 7.5

2005-08-29 CVE-2005-2717 Remote File Include vulnerability in Webcalendar 1.0.0
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
network | low complexity | webcalendar | 7.5

2005-08-29 CVE-2005-2716 Remote Command Execution vulnerability in Nokia Affix BTSRV Device Name
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
network | low complexity | nokia | 7.5

2005-08-26 CVE-2005-2697 SQL Injection vulnerability in MyBulletinBoard Search.PHP
SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter.
network | low complexity | mybulletinboard | 7.5

2005-08-26 CVE-2005-2694 Remote Security vulnerability in Winace 2.6.0.5
Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute arbitrary code via a temporary (.tmp) file that contains an entry with a long file name.
network | low complexity | winace | 7.5

2005-08-24 CVE-2005-2692 SQL-Injection vulnerability in Runcms 1.1/1.1A/1.2
Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.
network | low complexity | runcms | 7.5

2005-08-24 CVE-2005-2691 Remote Security vulnerability in Runcms 1.1/1.1A/1.2
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
network | low complexity | runcms | 7.5