SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS: 7.5 | EPSS Score: 1.01% | Published: 2005-10-30 | Updated: 2016-10-18
SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2005-10-30 | Updated: 2016-10-18
SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS: 7.5 | EPSS Score: 0.36% | Published: 2005-10-30 | Updated: 2016-10-18
SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2005-10-30 | Updated: 2016-10-18
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
Max CVSS: 7.5 | EPSS Score: 0.34% | Published: 2005-10-30 | Updated: 2017-07-11
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Max CVSS: 7.5 | EPSS Score: 0.52% | Published: 2005-10-30 | Updated: 2018-10-19
Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php.
Max CVSS: 7.5 | EPSS Score: 1.11% | Published: 2005-10-30 | Updated: 2016-10-18
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
Max CVSS: 7.5 | EPSS Score: 2.83% | Published: 2005-10-30 | Updated: 2018-10-19
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
Max CVSS: 7.2 | EPSS Score: 0.96% | Published: 2005-10-27 | Updated: 2008-09-05
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Max CVSS: 7.5 | EPSS Score: 1.31% | Published: 2005-10-27 | Updated: 2011-03-08
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
Max CVSS: 7.5 | EPSS Score: 10.75% | Published: 2005-10-27 | Updated: 2017-07-11
SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Max CVSS: 7.5 | EPSS Score: 1.23% | Published: 2005-10-27 | Updated: 2017-07-11
PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter.
Max CVSS: 7.5 | EPSS Score: 1.42% | Published: 2005-10-27 | Updated: 2008-09-05
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
Max CVSS: 7.5 | EPSS Score: 83.37% | Published: 2005-10-27 | Updated: 2017-07-11
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
Max CVSS: 7.5 | EPSS Score: 3.11% | Published: 2005-10-27 | Updated: 2016-10-18
Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity.
Max CVSS: 7.5 | EPSS Score: 0.45% | Published: 2005-10-27 | Updated: 2016-10-18
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2005-10-27 | Updated: 2008-09-05
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
Max CVSS: 7.5 | EPSS Score: 0.68% | Published: 2005-10-27 | Updated: 2012-07-03
SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Max CVSS: 7.5 | EPSS Score: 11.15% | Published: 2005-10-27 | Updated: 2017-07-11
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
Max CVSS: 7.5 | EPSS Score: 2.28% | Published: 2005-10-27 | Updated: 2018-10-03
Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll.
Max CVSS: 7.5 | EPSS Score: 18.62% | Published: 2005-10-27 | Updated: 2009-03-25
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.
Max CVSS: 7.5 | EPSS Score: 0.20% | Published: 2005-10-27 | Updated: 2013-07-07
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.
Max CVSS: 7.5 | EPSS Score: 95.94% | Published: 2005-10-30 | Updated: 2011-03-08
Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php.
Max CVSS: 7.5 | EPSS Score: 1.24% | Published: 2005-10-26 | Updated: 2017-07-11
Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file.
Max CVSS: 7.5 | EPSS Score: 1.06% | Published: 2005-10-26 | Updated: 2017-07-11
97 vulnerabilities found