Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-11 | CVE-2006-1706 | SQL Injection vulnerability in ShopWeezle Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. | 7.5 |
| 2006-04-11 | CVE-2006-1705 | Unspecified vulnerability in Oracle Oracle10G and Oracle9I Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | 2.1 |
| 2006-04-11 | CVE-2006-1704 | Unspecified vulnerability in Hubert Plisson Sire 2.0 Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. | 5.0 |
| 2006-04-11 | CVE-2006-1703 | Remote File Include vulnerability in Hubert Plisson Sire 2.0 PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. | 7.5 |
| 2006-04-11 | CVE-2006-1702 | Remote File Include vulnerability in Spip 1.8.3 PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | 7.5 |
| 2006-04-11 | CVE-2006-1701 | Cross-Site Scripting vulnerability in Shadowed Portal Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. | 2.6 |
| 2006-04-11 | CVE-2006-1700 | Unspecified vulnerability in Aweb Scripts Seller Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication. | 7.5 |
| 2006-04-11 | CVE-2006-1699 | Cross-Site Scripting vulnerability in AWeb's Banner Generator Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode. | 2.6 |
| 2006-04-11 | CVE-2006-1698 | Cross-Site Scripting vulnerability in Matt Wright Guestbook Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. network matt-wright | 4.3 |
| 2006-04-11 | CVE-2006-1697 | HTML Injection vulnerability in Matt Wright Guestbook Guestbook.PL Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message. network matt-wright | 4.3 |