Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0672 | Remote vulnerability in Ca3DE Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. | 7.5 |
| 2005-05-02 | CVE-2005-0669 | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module. | 7.5 |
| 2005-05-02 | CVE-2005-0663 | SQL-Injection vulnerability in Mercuryboard 1.1.2 SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0661 | SQL-Injection vulnerability in Burning Board SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie. | 7.5 |
| 2005-05-02 | CVE-2005-0658 | SQL-Injection vulnerability in Cmw Linklist SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0651 | SQL Injection vulnerability in Projectbb 0.4.5.1 Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section. | 7.5 |
| 2005-05-02 | CVE-2005-0646 | SQL-Injection vulnerability in PHP Arena Panews 2.0.4B SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0644 | Buffer Overflow/Directory Traversal vulnerability in Mcafee Antivirus Engine 4.3.20 Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. | 7.5 |
| 2005-05-02 | CVE-2005-0643 | Buffer Overflow/Directory Traversal vulnerability in Mcafee Antivirus Engine 4.3.20 Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. | 7.5 |
| 2005-05-02 | CVE-2005-0642 | Unspecified vulnerability in Broadcom Unicenter Asset Management 4.0 SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. | 7.5 |