Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2005-06-22 CVE-2005-1526 Remote File Include vulnerability in RaXnet Cacti Config_Settings.PHP
PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.
network
low complexity
the-cacti-group
7.5
2005-06-22 CVE-2005-1525 SQL Injection vulnerability in RaXnet Cacti
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
the-cacti-group
7.5
2005-06-22 CVE-2005-1250 Unspecified vulnerability in Ipswitch WhatsUp Professional 2005 SP1
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
network
low complexity
ipswitch
7.5
2005-06-21 CVE-2005-2037 SQL-Injection vulnerability in Fortibus CMS
Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page.
network
low complexity
fortibus
7.5
2005-06-21 CVE-2005-2028 Remote SQL Injection vulnerability in Mercuryboard Message Board 1.1.4
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
network
low complexity
mercuryboard
7.5
2005-06-20 CVE-2005-2012 SQL-Injection vulnerability in PHP Arena paFAQ 1.0 Beta 4
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
network
low complexity
php-arena
7.5
2005-06-20 CVE-2005-2009 SQL-Injection vulnerability in Ublog Reload 1.0.5
Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.
network
low complexity
ublog
7.5
2005-06-20 CVE-2005-1992 Command Execution vulnerability in Yukihiro Matsumoto Ruby 1.8
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
network
low complexity
yukihiro-matsumoto
7.5
2005-06-18 CVE-2005-0773 Remote Agent for Windows Servers Authentication Buffer Overflow vulnerability in Veritas Backup Exec
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
network
low complexity
symantec-veritas
7.5
2005-06-17 CVE-2005-2029 Remote Security vulnerability in Amarok web Frontend 1.3
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.
network
low complexity
amarok
7.5