Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-12-14 | CVE-2006-6530 | SQL-Injection vulnerability in Help Tip Module
SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | drupal | 7.5

2006-12-14 | CVE-2006-6529 | Information Disclosure vulnerability in Drupal Chatroom Module 4.7
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview.
network | low complexity | drupal | 7.5

2006-12-14 | CVE-2006-6528 | Remote Security vulnerability in Chatroom Module
The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges.
network | low complexity | drupal | 7.5

2006-12-14 | CVE-2006-6527 | Remote Security vulnerability in gizzar
PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
network | low complexity | gizzar | 7.5

2006-12-14 | CVE-2006-6526 | Remote File Include vulnerability in Gizzar
PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
network | low complexity | gizzar | 7.5

2006-12-14 | CVE-2006-6525 | SQL-Injection vulnerability in HR Assist
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter.
network | low complexity | ezhrs | 7.5

2006-12-14 | CVE-2006-6524 | SQL-Injection vulnerability in HR Assist
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter.
network | low complexity | ezhrs | 7.5

2006-12-14 | CVE-2006-6521 | Input Validation vulnerability in Scriptphp Messageriescripthp 2.0
SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter.
network | low complexity | scriptphp | 7.5

2006-12-14 | CVE-2006-6519 | Input Validation vulnerability in Scriptphp Pronews 1.5
SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter.
network | low complexity | scriptphp | 7.5

2006-12-14 | CVE-2006-6516 | Input Validation vulnerability in KDPics
Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) lib_path parameter to (b) authenticate.inc.php3 or (c) lib/exifer/exif.php.
network | low complexity | kdpics | 7.5