Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-16 | CVE-2006-0729 | SQL Injection vulnerability in Teca Scripts Teca Diary Personal1.0 SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. | 7.5 |
| 2006-02-16 | CVE-2006-0728 | SQL Injection vulnerability in WebSPELL Search.PHP SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. | 7.5 |
| 2006-02-16 | CVE-2006-0727 | SQL Injection vulnerability in Musox DF Msanalysis 1.0.1 SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name. | 7.5 |
| 2006-02-16 | CVE-2006-0726 | HTML Injection vulnerability in Cpg-Nuke Dragonfly CMS 9.0.6.1 Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users. network cpg-nuke | 4.3 |
| 2006-02-16 | CVE-2006-0725 | Code Injection vulnerability in Plume-Cms Plume CMS 1.0.2 PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. | 6.8 |
| 2006-02-16 | CVE-2006-0724 | Variable Overwrite vulnerability in Reamday Enterprises Magic News Lite 1.2.3 profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | 2.6 |
| 2006-02-16 | CVE-2006-0723 | Code Injection vulnerability in Reamday Enterprises Magic News Lite 1.2.3 PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | 2.6 |
| 2006-02-16 | CVE-2006-0722 | Variable Overwrite vulnerability in Reamday Enterprises Magic Downloads 1.1.3 settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | 2.6 |
| 2006-02-16 | CVE-2006-0721 | SQL Injection vulnerability in Runcms 1.2/1.3A/1.3A2 SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | 7.5 |
| 2006-02-15 | CVE-2006-0719 | SQL Injection vulnerability in Deltascripts PHP Classifieds 6.18/6.19/6.20 SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | 7.5 |