Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-06-22 | CVE-2005-1526 | Remote File Include vulnerability in RaXnet Cacti Config_Settings.PHP | PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter. | 7.5 |
2005-06-22 | CVE-2005-1525 | SQL Injection vulnerability in RaXnet Cacti | SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-06-22 | CVE-2005-1250 | Unspecified vulnerability in Ipswitch Whatsup Professional2005Sp1 | SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter). | 7.5 |
2005-06-21 | CVE-2005-2037 | SQL-Injection vulnerability in Fortibus CMS | Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page. | 7.5 |
2005-06-21 | CVE-2005-2028 | Remote SQL Injection vulnerability in Mercuryboard Message Board 1.1.4 | SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 7.5 |
2005-06-20 | CVE-2005-2012 | SQL-Injection vulnerability in PHP Arena Pafaq 1.0Beta4 | Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | 7.5 |
2005-06-20 | CVE-2005-2009 | SQL-Injection vulnerability in Ublog Reload 1.0.5 | Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. | 7.5 |
2005-06-20 | CVE-2005-1992 | Command Execution vulnerability in Yukihiro Matsumoto Ruby 1.8 | The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. | 7.5 |
2005-06-18 | CVE-2005-0773 | Remote Agent for Windows Servers Authentication Buffer Overflow vulnerability in Veritas Backup Exec | Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument. | 7.5 |
2005-06-17 | CVE-2005-2029 | Remote Security vulnerability in Amarok web Frontend 1.3 | amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | 7.5 |