Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-04 CVE-2007-0058 Information Exposure vulnerability in Cisco Network Admission Control Manager and Server System Software
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
network
low complexity
cisco CWE-200
7.8
2007-01-04 CVE-2007-0053 SQL Injection vulnerability in autoDealer Detail.ASP
SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.
network
low complexity
asp-siteware
7.5
2007-01-04 CVE-2007-0052 SQL Injection vulnerability in Vizayn Haber Haberdetay.ASP
SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
vizayn-haber
7.5
2007-01-04 CVE-2007-0049 Unspecified vulnerability in Geckovich TaskTracker and TaskTracker Pro
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.
network
low complexity
geckovich
7.5
2007-01-03 CVE-2007-0046 Remote Security vulnerability in Reader
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
network
low complexity
adobe
7.5
2007-01-03 CVE-2007-0016 Buffer Errors vulnerability in Netfarer MoviePlay 4.76
Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file.
network
low complexity
netfarer CWE-119
7.5
2006-12-31 CVE-2006-7231 SQL Injection vulnerability in Civica Software Civica
SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter.
network
low complexity
civica-software CWE-89
7.5
2006-12-31 CVE-2006-6916 Denial-Of-Service vulnerability in Direct Web Remoting
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."
network
low complexity
getahead
7.5
2006-12-31 CVE-2006-6913 Security Bypass vulnerability in phpMyFAQ
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.
network
low complexity
phpmyfaq
7.5
2006-12-31 CVE-2006-6912 SQL Injection vulnerability in phpMyFAQ
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
network
low complexity
phpmyfaq CWE-89
7.5