Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-12-27 CVE-2006-6747 SQL Injection vulnerability in Dreaxteam Xt-News 0.1
SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.
network
low complexity
dreaxteam CWE-89
7.5
2006-12-26 CVE-2006-6742 Denial-Of-Service vulnerability in HP FTP Print Server, Laserjet 5000 and Laserjet 5100
Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command.
network
low complexity
hp
7.8
2006-12-26 CVE-2006-6739 Code Injection vulnerability in Paristemi 0.8.3
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689.
network
low complexity
paristemi CWE-94
7.5
2006-12-26 CVE-2006-6727 Code Injection vulnerability in Inertianews
PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
network
low complexity
inertianews CWE-94
7.5
2006-12-26 CVE-2006-6726 Code Injection vulnerability in Inertianews 0.02
PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter.
network
low complexity
inertianews CWE-94
7.5
2006-12-26 CVE-2006-6723 Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP
The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in a NetrWkstaUserEnum RPC request.
network
low complexity
microsoft CWE-399
7.8
2006-12-23 CVE-2006-6722 Unspecified vulnerability in Jelle DE VOS Bandwebsite 1.5
Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1.
network
low complexity
jelle-de-vos
7.5
2006-12-23 CVE-2006-6720 Code Injection vulnerability in Azucar CMS Azucar CMS 1.3
PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter.
network
low complexity
azucar-cms CWE-94
7.5
2006-12-23 CVE-2006-6718 Cross-Site Request Forgery vulnerability in AT-9000/24
The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.
network
low complexity
alliedtelesyn
7.5
2006-12-23 CVE-2006-6717 Unspecified vulnerability in Alliedtelesyn At-9000 24 Ethernetswitch
The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations.
network
low complexity
alliedtelesyn
7.5