Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-12-18 CVE-2006-6619
AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
7.2
2006-12-18 CVE-2006-6618
AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
7.2
2006-12-18 CVE-2006-6615 Remote File Include vulnerability in Mxbb Activity Games Module 0.92
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
network
low complexity
mxbb
7.5
2006-12-18 CVE-2006-6612 Remote File Include vulnerability in PHPmycms 0.3
PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter.
network
low complexity
phpmycms
7.5
2006-12-18 CVE-2006-6611 Remote File Include vulnerability in Barman 0.0.1Rc3
PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
network
low complexity
barman
7.5
2006-12-18 CVE-2006-6610 Remote Command Execution and Denial of Service vulnerability in Nexuiz
clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection."
network
low complexity
alientrap
7.5
2006-12-18 CVE-2006-6608 Remote Unauthorized Access vulnerability in HP products
Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."
network
low complexity
hp
7.5
2006-12-18 CVE-2006-6606 SQL Injection vulnerability in Clarens Jclarens 0.6.1
Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
clarens
7.5
2006-12-18 CVE-2006-5872 Improper Input Validation vulnerability in DWS Systems Inc. Sql-Ledger 2.6.27
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
network
low complexity
dws-systems-inc CWE-20
7.5
2006-12-15 CVE-2006-6595 SQL-Injection vulnerability in User Manager
Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified components.
network
low complexity
scriptmate
7.5