Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-07-11 | CVE-2005-2193 | SQL-Injection vulnerability in Punbb SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. | 7.5 |
2005-07-11 | CVE-2005-2190 | SQL-Injection vulnerability in Comersus Cart Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | 7.5 |
2005-07-11 | CVE-2005-2188 | Remote Security vulnerability in IntruShield Security Management System McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | 7.5 |
2005-07-11 | CVE-2005-2185 | Remote Security vulnerability in Eroom eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | 7.5 |
2005-07-11 | CVE-2005-2184 | Remote Security vulnerability in Eroom eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. | 7.5 |
2005-07-11 | CVE-2005-2183 | Security Bypass vulnerability in PHPxmail 0.7/1.1 class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access. | 7.5 |
2005-07-11 | CVE-2005-2182 | Improper Verification of Cryptographic Signature vulnerability in Grandstream Bt-100 Firmware Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
2005-07-11 | CVE-2005-2181 | Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
2005-07-11 | CVE-2005-2178 | Remote Security vulnerability in Probe.Cgi probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. | 7.5 |
2005-07-06 | CVE-2005-2165 | Remote Security vulnerability in GlobalNoteScript read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters. | 7.5 |