Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2006-12-07	CVE-2006-6373	Information Disclosure vulnerability in PHPmyadmin 2.7.0Pl2 PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. network low complexity phpmyadmin	5.0
2006-12-07	CVE-2006-6372	Cross-Site Scripting vulnerability in James Barnsley JAB Guest Book 20061205 Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. network james-barnsley	6.8
2006-12-07	CVE-2006-6371	HTML Injection vulnerability in JAB Guest Book Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter. network james-barnsley	6.8
2006-12-07	CVE-2006-6370	SQL-Injection vulnerability in Invision Power Services Invision Gallery 2.0.7 SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. network low complexity invision-power-services	7.5
2006-12-07	CVE-2006-6369	SQL-Injection vulnerability in Invision Power Services Invision Community Blog 1.2.4 SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. network low complexity invision-power-services	7.5
2006-12-07	CVE-2006-6368	Remote File Include vulnerability in Awrate 1.0 PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php. network low complexity awrate	7.5
2006-12-07	CVE-2006-6367	SQL Injection vulnerability in Duware Dudownload, Dunews and Dupaypal Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. network low complexity duware CWE-89	7.5
2006-12-07	CVE-2006-6366	Cross-Site Scripting vulnerability in Cerberus Helpdesk Spellwin.PHP Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. network cerberus	6.8
2006-12-07	CVE-2006-6365	SQL Injection vulnerability in DUware DUpaypal Pro SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. network low complexity duware	7.5
2006-12-07	CVE-2006-6364	Cross-Site Scripting vulnerability in Inside Systems Inside Systems Mail2.0 Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. network inside-systems	6.8

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities