Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-02 | CVE-2006-2136 | SQL Injection vulnerability in Aznews 1.0 SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
| 2006-05-02 | CVE-2006-2135 | SQL Injection vulnerability in Ruperts News Script Login.PHP SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
| 2006-05-02 | CVE-2006-2134 | Remote File Include vulnerability in phpBB Knowledge Base Mod KB_constants.PHP PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 5.1 |
| 2006-05-02 | CVE-2006-2109 | Cross-Site Scripting vulnerability in JSBoard Login.PHP Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php. network jsboard | 6.8 |
| 2006-05-01 | CVE-2006-2133 | SQL-Injection vulnerability in Barracuda SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality. | 7.5 |
| 2006-05-01 | CVE-2006-2132 | SQL Injection vulnerability in DUclassified Detail.ASP SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | 6.4 |
| 2006-05-01 | CVE-2006-2131 | Remote Security vulnerability in Advanced Poll Advanced Poll 2.0.4 include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions. | 5.0 |
| 2006-05-01 | CVE-2006-2130 | SQL-Injection vulnerability in Advanced Poll Advanced Poll 2.0.4 SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 5.1 |
| 2006-05-01 | CVE-2006-2129 | SQL Injection vulnerability in Deltascripts PRO Publish 2.0 Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php. | 5.5 |
| 2006-05-01 | CVE-2006-2128 | SQL Injection vulnerability in Deltascripts PRO Publish 2.0 Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php. | 7.5 |