Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS VECTOR | ACCESS COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2006-07-11 | CVE-2006-3517 | Remote File Include vulnerability in RW::Download Stats.PHP | PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | network | low | rwscripts-com | 7.5 |
| 2006-07-11 | CVE-2006-3516 | SQL-Injection vulnerability in Freehost | Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php. | network | low | freehost | 7.5 |
| 2006-07-11 | CVE-2006-3515 | SQL Injection vulnerability in Myiosoft.Com Ajaxportal 3.0 | SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | network | low | myiosoft-com | 7.5 |
| 2006-07-11 | CVE-2006-1314 | Remote Heap Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP | Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages. | network | low | microsoft | 7.5 |
| 2006-07-10 | CVE-2006-3491 | Buffer Overflow vulnerability in Kaillera Message | Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname. | network | low | christophe-thibault | 7.5 |
| 2006-07-10 | CVE-2006-3485 | SQL Injection vulnerability in AstroDog Press Some Chess Board.PHP | Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1.5-RC2 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the gameID parameter in board.php. | network | low | astrodog-press | 7.5 |
| 2006-07-10 | CVE-2006-3481 | Input Validation vulnerability in Joomla! | Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". | network | low | joomla | 7.5 |
| 2006-07-10 | CVE-2006-3478 | Remote File Include vulnerability in Myphp CMS Myphp CMS 0.3/0.3.1 | PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter. | network | low | myphp-cms | 7.5 |
| 2006-07-10 | CVE-2006-3475 | Remote File Include vulnerability in Free Qboard Free Qboard 1.1 | Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998. | network | low | free-qboard | 7.5 |
| 2006-07-10 | CVE-2006-3474 | SQL Injection vulnerability in Belchior Foundry Vcard PRO | Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php. | network | low | belchior-foundry | 7.5 |