Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-07-06 CVE-2005-2164 SQL-Injection vulnerability in Covide Groupware-Crm Covide 5.2
SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
network
low complexity
covide-groupware-crm
7.5
2005-07-06 CVE-2005-2160 Cleartext Storage of Sensitive Information vulnerability in Ipswitch Imail 2006
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
network
low complexity
ipswitch CWE-312
7.5
2005-07-06 CVE-2005-2158 Remote Security vulnerability in Jboss Jbpm 2.0
A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary commands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.
network
low complexity
jboss
7.5
2005-07-06 CVE-2005-2156 SQL Injection vulnerability in PHPnews 1.2.5
SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter.
network
low complexity
phpnews
7.5
2005-07-06 CVE-2005-2155 Remote Security vulnerability in Easyphpcalendar 6.1.5
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.
network
low complexity
easyphpcalendar
7.5
2005-07-06 CVE-2005-2154 Input Validation vulnerability in OSTicket
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.
network
low complexity
osticket
7.5
2005-07-06 CVE-2005-2153 Input Validation vulnerability in OSTicket
SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable.
network
low complexity
osticket
7.5
2005-07-06 CVE-2005-2152 SQL-Injection vulnerability in Geeklog
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
network
low complexity
geeklog
7.5
2005-07-06 CVE-2005-2148 SQL Injection vulnerability in RaXnet Cacti Input Filter
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.
network
low complexity
the-cacti-group
7.5
2005-07-06 CVE-2005-2096 Unspecified vulnerability in Zlib 1.2.0/1.2.1/1.2.2
zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
network
low complexity
zlib
7.5