Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-06-29 | CVE-2005-2066 | SQL Injection vulnerability in Asp-Nuke 0.80 SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | 7.5 |
2005-06-29 | CVE-2005-2062 | SQL Injection vulnerability in Active web Softwares Activebuyandsell 6.2 Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp. | 7.5 |
2005-06-29 | CVE-2005-2058 | SQL-Injection vulnerability in UBB.threads Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | 7.5 |
2005-06-28 | CVE-2005-2051 | Remote Buffer Overflow vulnerability in Veritas Backup Exec Web Administration Console Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. | 7.5 |
2005-06-28 | CVE-2005-0772 | NULL Pointer Dereference vulnerability in Veritas Backup Exec VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference. | 7.5 |
2005-06-22 | CVE-2005-2049 | SQL Injection vulnerability in Duware Duclassmate 1.2 Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp. | 7.5 |
2005-06-22 | CVE-2005-2048 | SQL-Injection vulnerability in Duware Duforum 3.1 Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. | 7.5 |
2005-06-22 | CVE-2005-2047 | SQL-Injection vulnerability in Duware Dupaypal PRO 3.0 Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp. | 7.5 |
2005-06-22 | CVE-2005-2046 | SQL-Injection vulnerability in Duamazon PRO 3.0/3.1 Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp. | 7.5 |
2005-06-22 | CVE-2005-2045 | SQL-Injection vulnerability in Duware Duportal PRO 3.4.3 Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. | 7.5 |