Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-06-01 | CVE-2005-1821 | Remote File Include vulnerability in Powerscripts.Org Powerdownload 3.0.2/3.0.3 PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. | 7.5 |
2005-06-01 | CVE-2005-1820 | Remote Command Execution vulnerability in Zeroboard Preg_replace zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function. | 7.5 |
2005-06-01 | CVE-2005-1818 | SQL Injection vulnerability in NewLife Blogger Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2005-06-01 | CVE-2005-1814 | Remote Buffer Overflow vulnerability in Newmad Technologies Picowebserver 1.0 Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL. | 7.5 |
2005-06-01 | CVE-2005-1813 | Path Traversal vulnerability in Futuresoft Tftp Server 2000 1.0.0.1 Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences. | 7.8 |
2005-06-01 | CVE-2005-1810 | SQL Injection vulnerability in Wordpress 1.5.1 SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. | 7.5 |
2005-06-01 | CVE-2005-1788 | Unspecified vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.0 SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. | 7.5 |
2005-05-31 | CVE-2005-1833 | SQL-Injection vulnerability in MyBulletinBoard Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php. | 7.5 |
2005-05-31 | CVE-2005-1779 | Unspecified vulnerability in Maxwebportal SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter. | 7.5 |
2005-05-31 | CVE-2005-1777 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750 SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | 7.5 |