Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-28 | CVE-2006-6794 | SQL Injection vulnerability in Efkan Forum Efkan Forum 1.0 SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter. | 7.5 |
2006-12-28 | CVE-2006-6793 | Remote File Include vulnerability in Okul Merkezi Okul Merkezi Portal 1.0 PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2006-12-28 | CVE-2006-6792 | SQL Injection vulnerability in Calendar MX Basic Calendar_Detail.ASP SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-12-28 | CVE-2006-6791 | SQL Injection vulnerability in Chatwm 1.0 SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters. | 7.5 |
2006-12-28 | CVE-2006-6790 | Remote Code Execution vulnerability in Ultimate PHP Board Username Parameter Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php. | 7.5 |
2006-12-28 | CVE-2006-6789 | Remote File Include vulnerability in PHPbbxtra 2.0 PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-12-28 | CVE-2006-6788 | Remote File Include vulnerability in Luckybot 3 Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php. | 7.5 |
2006-12-28 | CVE-2006-6787 | SQL Injection vulnerability in Newsletter MX admin_mail_adressee.ASP SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-12-28 | CVE-2006-6785 | Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0 The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability. | 7.5 |
2006-12-28 | CVE-2006-6784 | SQL Injection vulnerability in Netbula Anyboard 9.9.5.6 SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form. | 7.5 |