Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2007-01-09 | CVE-2007-0134 | Code Injection vulnerability in Igeneric IG Shop 1.0/1.4 | Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. | network | low complexity | igeneric | CWE-94 | 7.5 |
| 2007-01-09 | CVE-2007-0133 | SQL-Injection vulnerability in iG Shop | Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter. | network | low complexity | igeneric | | 7.5 |
| 2007-01-09 | CVE-2007-0132 | SQL Injection vulnerability in Igeneric IG Shop 1.4 | SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | igeneric | | 7.5 |
| 2007-01-09 | CVE-2007-0131 | Authentication Bypass vulnerability in JamWiki Topics Relocation | JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | network | low complexity | jamwiki | | 7.5 |
| 2007-01-09 | CVE-2007-0130 | SQL Injection vulnerability in Igeneric IG Calendar 1.0 | SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | igeneric | | 7.5 |
| 2007-01-09 | CVE-2007-0129 | SQL-Injection vulnerability in Locazolist Classifieds | SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. | network | low complexity | locazo | | 7.5 |
| 2007-01-09 | CVE-2007-0128 | SQL-Injection vulnerability in Digirez | SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | network | low complexity | digiappz | | 7.5 |
| 2007-01-09 | CVE-2007-0116 | Information Disclosure vulnerability in Intranet Open Source | Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb. | network | low complexity | digger-solutions | | 7.5 |
| 2007-01-09 | CVE-2007-0112 | SQL Injection vulnerability in CreateAuction Cats.ASP | SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter. | network | low complexity | createauction | | 7.5 |
| 2007-01-09 | CVE-2007-0105 | Remote vulnerability in Cisco Secure Access Control Server | Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | network | low complexity | cisco | | 7.5 |