Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-07 | CVE-2006-6351 | Remote Security vulnerability in Khaledmuratlist: KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb. | 10.0 |
2006-12-07 | CVE-2006-6350 | Remote Security vulnerability in Iisworks Listpics 5.0: listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb. | 10.0 |
2006-12-07 | CVE-2006-6349 | SQL Injection vulnerability in PWP Technologies the Classified AD System: Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | 7.5 |
2006-12-07 | CVE-2006-6348 | Cross-Site Scripting vulnerability in Mowdbb RC6: Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter. | 6.8 |
2006-12-07 | CVE-2006-6347 | File-Upload vulnerability in TFT Gallery: Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. | 6.5 |
2006-12-07 | CVE-2006-6346 | Multiple Unspecified vulnerability in SAP IGS: Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. | 10.0 |
2006-12-07 | CVE-2006-6345 | Directory Traversal vulnerability in SAP Internet Graphics Service: Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. | 7.5 |
2006-12-07 | CVE-2006-6344 | SQL-Injection vulnerability in Seditio: Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. | 7.5 |
2006-12-07 | CVE-2006-6343 | SQL Injection vulnerability in Seditio/Land Down Under Polls.PHP: SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
2006-12-07 | CVE-2006-6342 | SQL-Injection vulnerability in Klf-Realty: Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. | 7.5 |