Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-12-31 | CVE-2006-6875 | Buffer Overflow vulnerability in Openser and Openser OSP Module | Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. | 7.5 |
2006-12-31 | CVE-2006-6873 | Scripts Multiple Input Validation vulnerability in Endonesia 8.4 | Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (c) viewcat (diskusi mod) operation. | 7.5 |
2006-12-31 | CVE-2006-6867 | Remote File Include vulnerability in Vladimir Meshakov Bubla 0.9.1 | Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. | 7.5 |
2006-12-31 | CVE-2006-6866 | Information Disclosure vulnerability in Stphp Easynews 4.0 | STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. | 7.8 |
2006-12-31 | CVE-2006-6865 | Directory Traversal vulnerability in Softartisans Fileup 5.0.14 | Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. | 7.8 |
2006-12-31 | CVE-2006-6856 | Unspecified vulnerability in Webtext | Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | 7.5 |
2006-12-31 | CVE-2006-6854 | Buffer Overflow vulnerability in QuickCam VC Device Driver for Linux QCAMVC_Video_Init Function | The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object. | 7.5 |
2006-12-31 | CVE-2006-6850 | Remote File Include vulnerability in Shadowed Works Shadowed Portal 5.7 | PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | 7.5 |
2006-12-31 | CVE-2006-6849 | Remote Security vulnerability in Cahier DE Textes Cahier DE Textes 2.2 | administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | 7.5 |
2006-12-31 | CVE-2006-6848 | SQL Injection vulnerability in Aspticker 1.0 | SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | 7.5 |