Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-06-28 | CVE-2006-3283 | SQL-Injection vulnerability in Datetopia Dating Agent PRO 4.7.1 | SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. | 7.5 |
2006-06-28 | CVE-2006-3280 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 | Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." | 7.5 |
2006-06-28 | CVE-2006-3276 | Remote Code Execution vulnerability in RealNetworks Helix DNA Server 10.0/11.0 | Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". | 7.5 |
2006-06-28 | CVE-2006-3275 | SQL Injection vulnerability in Yabb 1.5.1/1.5.2/1.5.4 | SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. | 7.5 |
2006-06-28 | CVE-2006-3271 | SQL Injection vulnerability in Softbiz Dating Script 1.0 | Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. | 7.5 |
2006-06-28 | CVE-2006-3270 | SQL-Injection vulnerability in Thorcms 1.3.1 | SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. | 7.5 |
2006-06-28 | CVE-2006-3256 | SQL Injection vulnerability in Woltlab Burning Board 2.3.1 | SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.5 |
2006-06-28 | CVE-2006-3255 | SQL Injection vulnerability in Woltlab Burning Board 1.2 | SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | 7.5 |
2006-06-28 | CVE-2006-3254 | SQL Injection vulnerability in Woltlab Burning Board 2.0Rc2 | SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | 7.5 |
2006-06-27 | CVE-2006-1469 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. | 7.5 |