Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-08-24 | CVE-2005-2690 | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B: SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | 7.5 |
2005-08-24 | CVE-2005-2687 | Remote Security vulnerability in Savewebportal 3.4: PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
2005-08-24 | CVE-2005-2686 | Directory Traversal vulnerability in Savewebportal 3.4: Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
2005-08-24 | CVE-2005-2685 | Remote Security vulnerability in Savewebportal 3.4: SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. | 7.5 |
2005-08-24 | CVE-2005-2556 | Input Validation vulnerability in Mantis: core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | 7.5 |
2005-08-23 | CVE-2005-2684 | nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query. | 7.5 |
2005-08-23 | CVE-2005-2683 | SQL Injection vulnerability in PHPkit 1.6.1: Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. | 7.5 |
2005-08-23 | CVE-2005-2681 | Local Privilege Escalation vulnerability in Cisco Intrusion Prevention System: Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors. | 7.2 |
2005-08-23 | CVE-2005-2673 | SQL Injection vulnerability in Woltlab Burning Board 2.2.2/2.2.3: SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. | 7.5 |
2005-08-23 | CVE-2005-2665 | Remote Buffer Overflow vulnerability in Elm Expires Header: Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header. | 7.5 |