Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-07 | CVE-2006-6354 | Software SQL Injection vulnerability in DUware Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. | 7.5 |
| 2006-12-07 | CVE-2006-6349 | SQL Injection vulnerability in PWP Technologies the Classified AD System Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | 7.5 |
| 2006-12-07 | CVE-2006-6345 | Directory Traversal vulnerability in SAP Internet Graphics Service Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. | 7.5 |
| 2006-12-07 | CVE-2006-6344 | SQL-Injection vulnerability in Seditio Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. | 7.5 |
| 2006-12-07 | CVE-2006-6342 | SQL-Injection vulnerability in Klf-Realty Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. | 7.5 |
| 2006-12-07 | CVE-2006-6341 | Remote File Include vulnerability in MG.Blattl MG.Applanix APX_Root_Path Parameter Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php. | 7.5 |
| 2006-12-07 | CVE-2006-6337 | SQL Injection vulnerability in Aspindir Aspee Ziyaretci Defteri Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | 7.5 |
| 2006-12-06 | CVE-2006-6305 | Unspecified vulnerability in Net-Snmp 5.3 Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access. | 7.5 |
| 2006-12-06 | CVE-2006-6309 | Denial-Of-Service vulnerability in Tivoli Storage Manager Express Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855. | 7.5 |
| 2006-12-05 | CVE-2006-6298 | SQL Injection vulnerability in Maxiasp Yonetimi 1.0 SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters. | 7.5 |