Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-07 | CVE-2006-6373 | Information Disclosure vulnerability in PHPmyadmin 2.7.0Pl2 PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | 5.0 |
2006-12-07 | CVE-2006-6372 | Cross-Site Scripting vulnerability in James Barnsley JAB Guest Book 20061205 Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. network james-barnsley | 6.8 |
2006-12-07 | CVE-2006-6371 | HTML Injection vulnerability in JAB Guest Book Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter. network james-barnsley | 6.8 |
2006-12-07 | CVE-2006-6370 | SQL-Injection vulnerability in Invision Power Services Invision Gallery 2.0.7 SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. | 7.5 |
2006-12-07 | CVE-2006-6369 | SQL-Injection vulnerability in Invision Power Services Invision Community Blog 1.2.4 SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. | 7.5 |
2006-12-07 | CVE-2006-6368 | Remote File Include vulnerability in Awrate 1.0 PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php. | 7.5 |
2006-12-07 | CVE-2006-6367 | SQL Injection vulnerability in Duware Dudownload, Dunews and Dupaypal Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. | 7.5 |
2006-12-07 | CVE-2006-6366 | Cross-Site Scripting vulnerability in Cerberus Helpdesk Spellwin.PHP Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. network cerberus | 6.8 |
2006-12-07 | CVE-2006-6365 | SQL Injection vulnerability in DUware DUpaypal Pro SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. | 7.5 |
2006-12-07 | CVE-2006-6364 | Cross-Site Scripting vulnerability in Inside Systems Inside Systems Mail2.0 Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. network inside-systems | 6.8 |