Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-12-23 | CVE-2006-6716 | SQL Injection vulnerability in Eric Guillaume Upload Download DE Fichiers 3 | SQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter. | network, low complexity, eric-guillaume, 7.5 |
| 2006-12-23 | CVE-2006-6714 | Multiple vulnerability in Hitachi Directory Server LDAP Request Handling | Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests. | network, low complexity, hitachi, 7.8 |
| 2006-12-23 | CVE-2006-6711 | Remote File Include vulnerability in Newxooper 0.9.1 | PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | network, low complexity, newxooper, 7.5 |
| 2006-12-23 | CVE-2006-6710 | Code Injection vulnerability in Matteolucarelli Pgmreloaded | Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php. | network, low complexity, matteolucarelli, CWE-94, 7.5 |
| 2006-12-23 | CVE-2006-6709 | Input Validation vulnerability in MGInternet Property Site Manager | Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. | network, low complexity, mginternet, 7.5 |
| 2006-12-23 | CVE-2006-6707 | Remote Buffer Overflow vulnerability in Mcafee Neotrace and Visual Trace | Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. | network, low complexity, mcafee, 7.5 |
| 2006-12-23 | CVE-2006-6701 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail Webmail 3.0/4.0/4.51 | Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | network, low complexity, atmail, CWE-352, 7.5 |
| 2006-12-22 | CVE-2006-6697 | HTTP Response Splitting vulnerability in Oracle Application Server Portal 10G/9.0.2 | CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | network, low complexity, oracle, 7.5 |
| 2006-12-21 | CVE-2006-6694 | Remote File Include vulnerability in Scriptsfrenzy.Com E-Uploader PRO 1.0 | Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. | network, low complexity, scriptsfrenzy-com, 7.5 |
| 2006-12-21 | CVE-2006-6691 | Remote File Include vulnerability in Valdersoft Shopping Cart 3.0 | Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php. | network, low complexity, valdersoft, 7.5 |