Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-19 | CVE-2006-4895 | Authentication Bypass vulnerability in Idevspot Nixieaffiliate 1.9 IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | 7.5 |
| 2006-09-19 | CVE-2006-4892 | SQL Injection vulnerability in Techno Dreams FAQ Manager Package 1.0 SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
| 2006-09-19 | CVE-2006-4891 | SQL Injection vulnerability in Techno Dreams Articles and Papers Package ArticlesTableview.ASP SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
| 2006-09-19 | CVE-2006-4890 | Remote File Include vulnerability in UNAK-CMS Dirroot Parameter Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | 7.5 |
| 2006-09-19 | CVE-2006-4887 | Remote Desktop Local Authentication Bypass vulnerability in Apple Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. | 7.2 |
| 2006-09-19 | CVE-2006-4885 | Remote Security vulnerability in Shadowed Portal PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. | 7.5 |
| 2006-09-19 | CVE-2006-4882 | SQL Injection vulnerability in Charon Internet Charon Cart 3 SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter. | 7.5 |
| 2006-09-19 | CVE-2006-4879 | Input Validation vulnerability in PHP-Post SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | 7.5 |
| 2006-09-19 | CVE-2006-4876 | Input Validation vulnerability in Jupiter CMS Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register. | 7.5 |
| 2006-09-19 | CVE-2006-4872 | SQL Injection vulnerability in Keyvan1 Ecardpro 2.0 SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 7.5 |