Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2005-06-01 | CVE-2005-1821 | Remote File Include vulnerability in Powerscripts.Org Powerdownload 3.0.2/3.0.3 | PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. | network, low complexity, powerscripts-org | 7.5 |
| 2005-06-01 | CVE-2005-1820 | Remote Command Execution vulnerability in Zeroboard Preg_replace | zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function. | network, low complexity, zeroboard | 7.5 |
| 2005-06-01 | CVE-2005-1818 | SQL Injection vulnerability in NewLife Blogger | Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. | network, low complexity, newlife-blogger | 7.5 |
| 2005-06-01 | CVE-2005-1814 | Remote Buffer Overflow vulnerability in Newmad Technologies Picowebserver 1.0 | Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL. | network, low complexity, newmad-technologies | 7.5 |
| 2005-06-01 | CVE-2005-1813 | Path Traversal vulnerability in Futuresoft Tftp Server 2000 1.0.0.1 | Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences. | network, low complexity, futuresoft, CWE-22 | 7.8 |
| 2005-06-01 | CVE-2005-1810 | SQL Injection vulnerability in Wordpress 1.5.1 | SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. | network, low complexity, wordpress | 7.5 |
| 2005-06-01 | CVE-2005-1788 | Unspecified vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.0 | SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. | network, low complexity, hosting-controller | 7.5 |
| 2005-05-31 | CVE-2005-1833 | SQL-Injection vulnerability in MyBulletinBoard | Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php. | network, low complexity, mybulletinboard | 7.5 |
| 2005-05-31 | CVE-2005-1779 | Unspecified vulnerability in Maxwebportal | SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter. | network, low complexity, maxwebportal | 7.5 |
| 2005-05-31 | CVE-2005-1777 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750 | SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | network, low complexity, postnuke-software-foundation | 7.5 |