Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-06-29 CVE-2006-3314 Remote File Include vulnerability in RahnemaCo Page.PHP PageID
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter.
network
low complexity
rahnemaco
7.5
2006-06-29 CVE-2006-3309 SQL Injection vulnerability in Scout Portal Tool Kit ForumTopics.PHP
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
network
low complexity
internet-scout-project
7.5
2006-06-29 CVE-2006-3307 Input Validation vulnerability in Zoid Technologies Project Eros Bbsengine 20060223
Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.
network
low complexity
zoid-technologies
7.5
2006-06-29 CVE-2006-3304 SQL Injection vulnerability in DeluxeBB CP.PHP
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
network
low complexity
deluxebb
7.5
2006-06-29 CVE-2006-3300 Remote File Include vulnerability in PHPMySMS Gateway.PHP
PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
network
low complexity
phpmysms
7.5
2006-06-29 CVE-2006-3296 Input Validation vulnerability in George Currums Open Guestbook 0.5
SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
network
low complexity
george-currums
7.5
2006-06-28 CVE-2006-3292 Input Validation vulnerability in Jaws 0.6.2
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
network
low complexity
jaws
7.5
2006-06-28 CVE-2006-3287 Multiple Security vulnerability in Cisco Wireless Control System
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public", which allows remote attackers to gain access (aka bug CSCse21391).
network
low complexity
cisco
7.5
2006-06-28 CVE-2006-3286 Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51)
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951).
network
low complexity
cisco
7.5
2006-06-28 CVE-2006-3285 Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bug CSCsd15955).
network
low complexity
cisco
7.5