Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-12-31 | CVE-2006-4580 | Remote vulnerability in the Address Book the Address Book 1.04E | register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". | 7.5 |
2006-12-31 | CVE-2006-4578 | Remote vulnerability in the Address Book the Address Book 1.04E | export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information. | 7.5 |
2006-12-31 | CVE-2006-4575 | Remote vulnerability in the Address Book the Address Book 1.04E | Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php. | 7.5 |
2006-12-31 | CVE-2006-4097 | Remote vulnerability in Cisco Secure Access Control Server | Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. | 7.8 |
2006-12-29 | CVE-2006-6826 | Remote Security vulnerability in Personal .Net Portal | Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak." | 7.5 |
2006-12-29 | CVE-2006-6825 | Information Disclosure vulnerability in Calendar MX BASIC | Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. | 7.5 |
2006-12-29 | CVE-2006-6823 | Remote File Include vulnerability in Yrch 1.0 | PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 7.5 |
2006-12-29 | CVE-2006-6818 | Unspecified vulnerability in Alstrasoft Webhost Directory | AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | 7.5 |
2006-12-29 | CVE-2006-6816 | SQL Injection vulnerability in Dmxready Secure Login Manager 1.0 | Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo. | 7.5 |
2006-12-29 | CVE-2006-6813 | SQL Injection vulnerability in Mxmania File Upload Manager Detail.ASP | SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |