Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-07-18 | CVE-2006-3595 | Authentication Bypass vulnerability in Cisco Router web Setup 3.3.0Build30 | The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. | network, low complexity, cisco, 7.5 |
| 2006-07-18 | CVE-2006-3594 | Remote vulnerability in Cisco Unified CallManager | Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. | network, low complexity, cisco, 7.5 |
| 2006-07-13 | CVE-2006-3135 | SQL-Injection vulnerability in Hotwebscripts CMS Mundo 1.0Build008 | Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update. | network, low complexity, hotwebscripts, 7.5 |
| 2006-07-13 | CVE-2006-3580 | SQL Injection vulnerability in ASP Stats Generator Pages.ASP | SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter. | network, low complexity, asp-stats-generator, 7.5 |
| 2006-07-13 | CVE-2006-3577 | SQL Injection vulnerability in Lifetype 1.0.5 | SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op. | network, low complexity, lifetype, 7.5 |
| 2006-07-13 | CVE-2006-3576 | SQL Injection vulnerability in Sensesites Commonsense CMS 5.0 | SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. | network, low complexity, sensesites, 7.5 |
| 2006-07-13 | CVE-2006-3572 | Input Validation vulnerability in Papoo | SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | network, low complexity, papoo, 7.5 |
| 2006-07-13 | CVE-2006-3565 | Input Validation vulnerability in HiveMail | SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter. | network, low complexity, hivemail, 7.5 |
| 2006-07-13 | CVE-2006-3562 | Code Injection vulnerability in Plume-Cms Plume CMS 1.0.4 | PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725. | network, low complexity, plume-cms, CWE-94, 7.5 |
| 2006-07-13 | CVE-2006-3560 | SQL Injection vulnerability in Blue Dojo Graffiti Forums 1.0 | SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter. | network, low complexity, blue-dojo, 7.5 |