Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-29 | CVE-2006-6812 | Remote File Include vulnerability in Myphpcalendar 10.1 Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. | 7.5 |
2006-12-29 | CVE-2006-6809 | Remote File Include vulnerability in Buratinable Templator Process.PHP Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter. | 7.5 |
2006-12-28 | CVE-2006-6807 | SQL Injection vulnerability in Ananda Real Estate List.ASP SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter. | 7.5 |
2006-12-28 | CVE-2006-6806 | SQL-Injection vulnerability in Enthrallweb Emates 1.0 SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-12-28 | CVE-2006-6805 | SQL-Injection vulnerability in eJobs SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-12-28 | CVE-2006-6804 | SQL Injection vulnerability in Dragon Business Directory Bus_Details.ASP SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-12-28 | CVE-2006-6803 | SQL Injection vulnerability in Enthrallweb Ecars 1.0 SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter. | 7.5 |
2006-12-28 | CVE-2006-6802 | SQL Injection vulnerability in Enthrallweb ePages Actualpic.ASP SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter. | 7.5 |
2006-12-28 | CVE-2006-6799 | Remote Command Execution vulnerability in Cacti CMD.PHP SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. | 7.5 |
2006-12-28 | CVE-2006-6795 | Remote File Include vulnerability in Myphpnuke MY Egallery 2.5.6 PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | 7.5 |