Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-27 | CVE-2006-3234 | Input Validation vulnerability in FineShop<br>Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters. | network, low complexity, looknet, 7.5 |
| 2006-06-26 | CVE-2006-3226 | Authentication Bypass vulnerability in Cisco Secure ACS<br>Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | network, low complexity, cisco, 7.5 |
| 2006-06-24 | CVE-2006-3221 | SQL Injection vulnerability in DataLife Engine Subaction<br>SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction. | network, low complexity, softnews-media-group, 7.5 |
| 2006-06-24 | CVE-2006-3220 | SQL-Injection vulnerability in Woltlab Burning Board 2.2.1<br>SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | network, low complexity, woltlab, 7.5 |
| 2006-06-24 | CVE-2006-3219 | SQL-Injection vulnerability in Woltlab Burning Board 2.2.2<br>SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. | network, low complexity, woltlab, 7.5 |
| 2006-06-24 | CVE-2006-3218 | SQL-Injection vulnerability in Woltlab Burning Board 2.1.6<br>SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | network, low complexity, woltlab, 7.5 |
| 2006-06-24 | CVE-2006-3213 | SQL Injection vulnerability in Webboa 1.1<br>SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp. | network, low complexity, webboa, 7.5 |
| 2006-06-23 | CVE-2006-3198 | Integer Overflow or Wraparound vulnerability in Opera Browser<br>Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended. | network, low complexity, opera, CWE-190, 7.5 |
| 2006-06-23 | CVE-2006-3085 | Remote Denial of Service vulnerability in Linux Kernel XT_SCTP-netfilter<br>xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length. | network, low complexity, linux, 7.8 |
| 2006-06-23 | CVE-2006-3192 | Remote File Include vulnerability in PHP web Scripts AD Manager PRO 2.6<br>PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. | network, low complexity, php-web-scripts, 7.5 |