Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
Max CVSS
7.5
EPSS Score
0.62%
Published
2005-05-31
Updated
2016-10-18
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty."
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-05-31
Updated
2024-03-21
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.68%
Published
2005-05-26
Updated
2024-02-13
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as the ability to upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
Max CVSS
7.5
EPSS Score
1.07%
Published
2005-05-26
Updated
2024-01-25
Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.
Max CVSS
7.5
EPSS Score
18.87%
Published
2005-05-03
Updated
2011-03-08
Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allow remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process.
Max CVSS
7.5
EPSS Score
57.15%
Published
2005-05-03
Updated
2011-03-08
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
Max CVSS
7.5
EPSS Score
56.84%
Published
2005-05-28
Updated
2016-10-18
SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password.
Max CVSS
7.5
EPSS Score
0.27%
Published
2005-05-28
Updated
2011-03-08
Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php.
Max CVSS
7.5
EPSS Score
0.48%
Published
2005-05-29
Updated
2008-09-05
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
10.72%
Published
2005-05-31
Updated
2023-03-29
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.
Max CVSS
7.5
EPSS Score
0.81%
Published
2005-05-27
Updated
2016-05-25
SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password.
Max CVSS
7.5
EPSS Score
0.19%
Published
2005-05-29
Updated
2008-09-05
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
Max CVSS
7.5
EPSS Score
0.98%
Published
2005-05-27
Updated
2016-11-25
SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.
Max CVSS
7.5
EPSS Score
0.28%
Published
2005-05-25
Updated
2008-09-05
SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
Max CVSS
7.5
EPSS Score
0.50%
Published
2005-05-31
Updated
2011-03-08
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
Max CVSS
7.5
EPSS Score
1.23%
Published
2005-05-27
Updated
2008-09-05
SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password.
Max CVSS
7.5
EPSS Score
0.27%
Published
2005-05-31
Updated
2008-09-05
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
Max CVSS
7.5
EPSS Score
0.39%
Published
2005-05-31
Updated
2008-09-05
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
Max CVSS
7.5
EPSS Score
0.31%
Published
2005-05-31
Updated
2016-10-18
Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string.
Max CVSS
7.5
EPSS Score
1.68%
Published
2005-05-31
Updated
2016-10-18
Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available.
Max CVSS
7.5
EPSS Score
2.68%
Published
2005-05-31
Updated
2016-10-18
Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t.
Max CVSS
7.5
EPSS Score
1.38%
Published
2005-05-31
Updated
2016-10-18
Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 and possibly other versions allows local users to cause a denial of service (system crash) and possibly execute arbitrary code via certain signals combined with crafted input.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-05-31
Updated
2016-10-18
SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
Max CVSS
7.5
EPSS Score
0.28%
Published
2005-05-25
Updated
2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
Max CVSS
6.8
EPSS Score
96.44%
Published
2005-05-24
Updated
2018-10-30
536 vulnerabilities found