Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-11-16 | CVE-2006-5935 | SQL Injection vulnerability in Shopsystems 4.0 SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter. | 7.5 |
| 2006-11-16 | CVE-2006-5934 | SQL Injection vulnerability in Iexpress Estate Agent Manager 1.3 SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field. | 7.5 |
| 2006-11-16 | CVE-2006-5933 | SQL-Injection vulnerability in Ultrasite 1.0 SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-11-16 | CVE-2006-5932 | Authentication Bypass vulnerability in Kahua Shared User Database Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. | 7.5 |
| 2006-11-16 | CVE-2006-5930 | Remote File Include vulnerability in Aigaion 1.2.1 Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php. | 7.5 |
| 2006-11-16 | CVE-2006-5929 | Remote Security vulnerability in PHPjobscheduler 3.0 PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. | 7.5 |
| 2006-11-16 | CVE-2006-5928 | Remote File Include vulnerability in PHPjobscheduler 3.0 Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php. | 7.5 |
| 2006-11-16 | CVE-2006-5927 | SQL Injection vulnerability in ASP Scripter Easy Portal and Live Support SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. | 7.5 |
| 2006-11-16 | CVE-2006-5926 | SQL Injection vulnerability in Vallheru 1.0.6 Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. | 7.5 |
| 2006-11-15 | CVE-2006-5925 | Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. | 7.5 |