Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-12-08 | CVE-2006-6399 | SQL-Injection vulnerability in Superfreaker Studios Upublisher 1.0 | 7.5
  SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp.
  network, low complexity, superfreaker-studios

2006-12-08 | CVE-2006-6398 | SQL-Injection vulnerability in Superfreaker Studios Upublisher 1.0 | 7.5
  Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.
  network, low complexity, superfreaker-studios

2006-12-08 | CVE-2006-6396 | Buffer Errors vulnerability in Blazevideo Hdtv Player 3.5 | 7.5
  Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199.
  network, low complexity, blazevideo, CWE-119

2006-12-08 | CVE-2006-6394 | Input Validation vulnerability in Publicera | 7.5
  SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
  network, low complexity, jonas-gauffin

2006-12-08 | CVE-2006-6392 | Local File Include vulnerability in PLX web Studio PLX PAY 3.0 | 7.5
  Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a ..
  network, low complexity, plx-web-studio

2006-12-08 | CVE-2006-6387 | Input Validation vulnerability in Link CMS | 7.5
  Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php.
  network, low complexity, link-content-management-server

2006-12-08 | CVE-2006-6385 | Local Privilege Escalation vulnerability in Intel Network Drivers | 7.2
  Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.
  local, low complexity, intel

2006-12-07 | CVE-2006-6384 | Directory Traversal vulnerability in Abitwhizzy | 7.8
  Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084.
  network, low complexity, john-goodman

2006-12-07 | CVE-2006-6381 | Directory Traversal vulnerability in Ultimate HelpDesk | 7.5
  Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a ..
  network, low complexity, ultimate-helpdesk

2006-12-07 | CVE-2006-6378 | Remote Security vulnerability in Widcomm Btsavemysql 1.2 | 7.5
  BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.
  network, low complexity, widcomm