SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS
7.5
EPSS Score
1.01%
Published
2005-10-30
Updated
2016-10-18
SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS
7.5
EPSS Score
0.26%
Published
2005-10-30
Updated
2016-10-18
SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS
7.5
EPSS Score
0.36%
Published
2005-10-30
Updated
2016-10-18
SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Max CVSS
7.5
EPSS Score
0.26%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.0
EPSS Score
4.74%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.0
EPSS Score
1.55%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.0
EPSS Score
2.85%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
1.26%
Published
2005-10-30
Updated
2018-10-19
Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
0.62%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
1.37%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
0.80%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
0.95%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
0.95%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
0.95%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
1.25%
Published
2005-10-30
Updated
2021-04-09
Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
0.95%
Published
2005-10-30
Updated
2016-10-18
Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Max CVSS
5.1
EPSS Score
0.95%
Published
2005-10-30
Updated
2016-10-18
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
Max CVSS
7.5
EPSS Score
0.34%
Published
2005-10-30
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Max CVSS
4.3
EPSS Score
0.79%
Published
2005-10-30
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-10-30
Updated
2016-10-18
PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.
Max CVSS
6.8
EPSS Score
5.58%
Published
2005-10-30
Updated
2017-07-11
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Max CVSS
7.5
EPSS Score
0.52%
Published
2005-10-30
Updated
2018-10-19
Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php.
Max CVSS
7.5
EPSS Score
1.11%
Published
2005-10-30
Updated
2016-10-18
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
Max CVSS
7.5
EPSS Score
2.83%
Published
2005-10-30
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-10-28
Updated
2016-10-18
283 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!