Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-12-07 | CVE-2006-6377 | Unspecified vulnerability in Uploadscript | Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt. | network, low complexity, uploadscript | 7.5 |
| 2006-12-07 | CVE-2006-6376 | Directory Traversal vulnerability in Onedotoh Simple File Manager 0.24A | Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code. | network, low complexity, onedotoh | 7.5 |
| 2006-12-07 | CVE-2006-6374 | Remote Security vulnerability in PHPmyadmin 2.7.0Pl2 | Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | network, low complexity, phpmyadmin | 7.5 |
| 2006-12-07 | CVE-2006-6370 | SQL-Injection vulnerability in Invision Power Services Invision Gallery 2.0.7 | SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. | network, low complexity, invision-power-services | 7.5 |
| 2006-12-07 | CVE-2006-6369 | SQL-Injection vulnerability in Invision Power Services Invision Community Blog 1.2.4 | SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. | network, low complexity, invision-power-services | 7.5 |
| 2006-12-07 | CVE-2006-6368 | Remote File Include vulnerability in Awrate 1.0 | PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php. | network, low complexity, awrate | 7.5 |
| 2006-12-07 | CVE-2006-6367 | SQL Injection vulnerability in Duware Dudownload, Dunews and Dupaypal | Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. | network, low complexity, duware, CWE-89 | 7.5 |
| 2006-12-07 | CVE-2006-6365 | SQL Injection vulnerability in DUware DUpaypal Pro | SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. | network, low complexity, duware | 7.5 |
| 2006-12-07 | CVE-2006-6360 | Remote File Include vulnerability in Sergey Korostel PHP Upload Center 2.0 | PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter. | network, low complexity, sergey-korostel | 7.5 |
| 2006-12-07 | CVE-2006-6358 | Input Validation vulnerability in Stefan Frech Online-Bookmarks 0.6.12 | SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. | network, low complexity, stefan-frech | 7.5 |