Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-19 | CVE-2006-3092 | Security Bypass vulnerability in PHPmyfactures 1.0: PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. | 7.5 |
2006-06-19 | CVE-2006-3078 | SQL Injection vulnerability in APBoard: Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php. | 7.5 |
2006-06-19 | CVE-2006-3075 | Remote File Include vulnerability in Picturedis Photoalbum and Picturedis Professional: Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php. | 7.5 |
2006-06-19 | CVE-2006-3065 | SQL-Injection vulnerability in Blursoft Blur6Ex 0.3.462: SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. | 7.5 |
2006-06-19 | CVE-2006-3064 | SQL Injection vulnerability in Coppermine Photo Gallery 1.4.8: SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | 7.5 |
2006-06-19 | CVE-2006-3012 | SQL Injection vulnerability in phpBannerExchange: SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. | 7.5 |
2006-06-16 | CVE-2006-3056 | SQL Injection vulnerability in Vbzoom 1.01: SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter. | 7.5 |
2006-06-16 | CVE-2006-3055 | SQL Injection vulnerability in Vbzoom 1.02: Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php. | 7.5 |
2006-06-16 | CVE-2006-3054 | SQL Injection vulnerability in Vbzoom 1.11: Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php. | 7.5 |
2006-06-16 | CVE-2006-3048 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware: SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |