Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-28 | CVE-2006-6783 | Improper Authentication vulnerability in Logahead UNU 1.0 logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. | 7.5 |
2006-12-28 | CVE-2006-6780 | Input Validation vulnerability in Hlstats 1.20/1.34 SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter. | 7.5 |
2006-12-28 | CVE-2006-6776 | Input Validation vulnerability in Future Internet Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm. | 7.5 |
2006-12-27 | CVE-2006-6773 | Unspecified vulnerability in Fishyshoop 0.930Beta pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1. | 7.5 |
2006-12-27 | CVE-2006-6766 | SQL-Injection vulnerability in Cwm-Design Cwmexplorer 1.0 Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-12-27 | CVE-2006-6763 | Remote Security vulnerability in Keep IT Simple Guest Book Keep IT Simple Guest Book 5.0 Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php. | 7.5 |
2006-12-27 | CVE-2006-6760 | Code Injection vulnerability in PHPmymanga Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter. | 7.5 |
2006-12-27 | CVE-2006-6757 | Information Disclosure vulnerability in Cwm-Design Cwmexplorer 1.0 Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter. | 7.8 |
2006-12-27 | CVE-2006-6752 | Local Buffer Overflow vulnerability in Ftprush 1.0.0.610 Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. | 7.5 |
2006-12-27 | CVE-2006-6748 | Code Injection vulnerability in Newxooper PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | 7.5 |