Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2006-05-01 CVE-2006-2127 SQL Injection vulnerability in Blog MOD Blog MOD 0.2.3/0.2.4/0.2.4B
SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter.
network
low complexity
blog-mod
6.4

2006-05-01 CVE-2006-2126 SQL Injection vulnerability in Avalon LTD Maxtrade 1.0.1
SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters.
network
low complexity
avalon-ltd
6.4

2006-05-01 CVE-2006-2124 Cross-Site Scripting vulnerability in SunShop Shopping Cart 3.0/3.5
Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php.
5.8

2006-05-01 CVE-2006-2123 SQL Injection vulnerability in Network Administration Visualized Network Administration Visualized 3.0
Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
network-administration-visualized
6.4

2006-05-01 CVE-2006-2122 Code Injection vulnerability in Coolmenus 4.0
PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter.
network
coolmenus CWE-94
6.8

2006-05-01 CVE-2006-2121 Remote File Include vulnerability in I-RATER Platinum Config_settings.TPL.PHP
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter.
network
low complexity
i-rater
5.0

2006-05-01 CVE-2006-2120 Denial of Service vulnerability in Libtiff 3.8.1
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
local
low complexity
libtiff
2.1

2006-05-01 CVE-2006-2119 Remote File Include vulnerability in Artmedic Event
PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter.
network
low complexity
artmedic-webdesign
5.0

2006-05-01 CVE-2006-2118 Authentication Bypass vulnerability in JMK Picture Gallery Admin_Gallery.PHP3
JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action.
network
low complexity
jmk-web-scripts
7.5

2006-05-01 CVE-2006-2117 HTML Injection vulnerability in Extrosoft Thyme 1.3
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.
network
extrosoft
4.3