Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-12-21 CVE-2006-6671 SQL Injection vulnerability in Maxiasp Burak Yilmaz Download Portal 0
SQL injection vulnerability in down.asp in Burak Yilmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
maxiasp
7.5
2006-12-20 CVE-2006-6667 SQL Injection vulnerability in VerliAdmin
Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php.
network
low complexity
verliadmin
7.5
2006-12-20 CVE-2006-6666 Remote File Include vulnerability in VerliAdmin
PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.
network
low complexity
verliadmin
7.5
2006-12-20 CVE-2006-6661 Remote Security vulnerability in Php-Update
Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters.
network
low complexity
php-update
7.5
2006-12-20 CVE-2006-6648 Remote File Include vulnerability in PlanetLuc.Com RateMe Main.Inc.PHP
PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter.
network
low complexity
planetluc-com
7.5
2006-12-20 CVE-2006-6645 Remote File Include vulnerability in MXBB Web Links Module MX_Root_Path
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
network
low complexity
mxbb
7.5
2006-12-20 CVE-2006-6642 SQL Injection vulnerability in Contra Haber Sistemi Contra Haber Sistemi 1.0
SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
contra-haber-sistemi
7.5
2006-12-20 CVE-2006-6475 Denial of Service and Agent Hijacking vulnerability in Mandiant First Response
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception.
network
mandiant
7.1
2006-12-20 CVE-2006-6502 Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.
network
mozilla
7.1
2006-12-20 CVE-2006-6641 Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
network
low complexity
arcserve broadcom cleverpath etrust unicenter
7.5