Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-12-31 | CVE-2006-6835 | SQL-Injection vulnerability in Neocrome Land Down Under 800/801/802 | SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. | 7.5 |
2006-12-31 | CVE-2006-6833 | Cross-Site Scripting vulnerability in Joomla | com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | 7.5 |
2006-12-31 | CVE-2006-6831 | SQL-Injection vulnerability in Alan Ward A-Faq 1.0 | SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. | 7.5 |
2006-12-31 | CVE-2006-6830 | Remote File Include vulnerability in Cafelog B2 Blog B2Verifauth.PHP | PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. | 7.5 |
2006-12-31 | CVE-2006-6829 | Information Disclosure vulnerability in Efkan Forum | Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. | 7.8 |
2006-12-31 | CVE-2006-6828 | SQL-Injection vulnerability in Efkan Forum | Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. | 7.5 |
2006-12-31 | CVE-2006-6488 | Remote Stack Buffer Overflow vulnerability in Iconics Dialog Wrapper Module Activex Control 8.4.165.0 | Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. | 7.5 |
2006-12-31 | CVE-2006-5974 | Improper Input Validation vulnerability in Fetchmail 6.3.5/6.3.6 | fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. | 7.8 |
2006-12-31 | CVE-2006-5867 | Improper Input Validation vulnerability in Fetchmail | fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. | 7.8 |
2006-12-31 | CVE-2006-5266 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Dynamics GP | Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component. | 7.5 |