Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-12-29 CVE-2006-6812 Remote File Include vulnerability in Myphpcalendar 10.1
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.
network
low complexity
myphpcalendar
7.5
7.5
2006-12-29 CVE-2006-6809 Remote File Include vulnerability in Buratinable Templator Process.PHP
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.
network
low complexity
vladimir-menshakov
7.5
7.5
2006-12-28 CVE-2006-6807 SQL Injection vulnerability in Ananda Real Estate List.ASP
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
network
low complexity
softwebs-nepal
7.5
7.5
2006-12-28 CVE-2006-6806 SQL-Injection vulnerability in Enthrallweb Emates 1.0
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
enthrallweb
7.5
7.5
2006-12-28 CVE-2006-6805 SQL-Injection vulnerability in eJobs
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
enthrallweb
7.5
7.5
2006-12-28 CVE-2006-6804 SQL Injection vulnerability in Dragon Business Directory Bus_Details.ASP
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
enthrallweb
7.5
7.5
2006-12-28 CVE-2006-6803 SQL Injection vulnerability in Enthrallweb Ecars 1.0
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
network
low complexity
enthrallweb
7.5
7.5
2006-12-28 CVE-2006-6802 SQL Injection vulnerability in Enthrallweb ePages Actualpic.ASP
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
network
low complexity
enthrallweb
7.5
7.5
2006-12-28 CVE-2006-6799 Remote Command Execution vulnerability in Cacti CMD.PHP
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php.
network
low complexity
the-cacti-group
7.5
7.5
2006-12-28 CVE-2006-6795 Remote File Include vulnerability in Myphpnuke MY Egallery 2.5.6
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
network
low complexity
myphpnuke
7.5
7.5