Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2007-01-13 CVE-2007-0223 SQL Injection vulnerability in All In One Control Panel
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.
network
low complexity
nicola-asuni
7.5

2007-01-13 CVE-2006-6927 SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6
Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp.
network
low complexity
grandora
7.5

2007-01-13 CVE-2006-6923 Input Validation vulnerability in Bitweaver
SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.
network
low complexity
bitweaver
7.5

2007-01-13 CVE-2006-6922 SQL Injection vulnerability in Deadlock
SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
deadlock-user-management-system
7.5

2007-01-12 CVE-2007-0194 Information Disclosure vulnerability in Mkportal 1.1Rc1
admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.
network
low complexity
mkportal
7.8

2007-01-12 CVE-2007-0193 Remote Security vulnerability in La Fonera
FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.
network
low complexity
fon
7.5

2007-01-12 CVE-2007-0192 Cross-Site Request Forgery vulnerability in MKPortal
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.
network
low complexity
mkportal
7.5

2007-01-12 CVE-2007-0190 Remote File Include vulnerability in Edit-X Edit_Address.PHP
PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
network
low complexity
edit-x
7.5

2007-01-12 CVE-2007-0187 Input Validation vulnerability in F5 Firepass
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
network
low complexity
f5
7.5

2007-01-12 CVE-2007-0184 Remote vulnerability in Direct Web Rendering
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
network
low complexity
getahead
7.5