Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-07-06 CVE-2006-3364 SQL-Injection vulnerability in Blog Cms
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | f-art-agency | 7.5

2006-07-06 CVE-2006-3359 Input Validation vulnerability in Newsphp 2006Pro
Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php.
network | low complexity | newsphp | 7.5

2006-07-06 CVE-2006-3357 Unspecified vulnerability in Microsoft Internet Explorer 6.0
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
network | low complexity | microsoft | 7.5

2006-07-06 CVE-2006-3355 Remote Buffer Overflow vulnerability in Mpg123 Pre0.59Sr11
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function.
network | low complexity | mpg123 | 7.5

2006-07-05 CVE-2006-2194 Local Privilege Escalation vulnerability in PPPD Winbind Plugin
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
local | low complexity | point-to-point-protocol-project | 7.2

2006-07-03 CVE-2006-3349 SQL-Injection vulnerability in Sms Script
Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php.
network | low complexity | sms-script | 7.5

2006-07-03 CVE-2006-3348 SQL-Injection vulnerability in Swsoft Hspcomplete 3.2.2
Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php.
network | low complexity | swsoft | 7.5

2006-07-03 CVE-2006-3347 SQL Injection vulnerability in Devilz Clanportal Devilz Clanportal 1.3.4
SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | devilz-clanportal | 7.5

2006-07-03 CVE-2006-3346 SQL Injection vulnerability in Carlos Sanchez Valle Mynewsgroups 0.6
SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter.
network | low complexity | carlos-sanchez-valle | 7.5

2006-07-03 CVE-2006-3343 Remote File Include vulnerability in Crisoft Ricette Crisoft Ricette 1.0Pre15B
PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter.
network | low complexity | crisoft-ricette | 7.5