Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-12 | CVE-2006-2960 | Remote File Include vulnerability in Joomla 1.0: PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | 7.5 |
2006-06-12 | CVE-2006-2959 | SQL Injection vulnerability in Snitz Forums inc_header.ASP: SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. | 7.5 |
2006-06-12 | CVE-2006-2954 | Input Validation vulnerability in OfficeFlow: SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | 7.5 |
2006-06-12 | CVE-2006-2943 | Unspecified vulnerability in Cgi-Rescue Webform: Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. | 7.5 |
2006-06-09 | CVE-2006-2926 | Remote HTTP Request Buffer Overflow vulnerability in Qbik Wingate 6.1.1.1077: Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. | 7.5 |
2006-06-09 | CVE-2006-2912 | Input Validation vulnerability in OUT of the Trees web Design Selectapix 1.31: Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | 7.5 |
2006-06-09 | CVE-2006-2919 | Remote Memory Corruption Denial of Service vulnerability in Microsoft Netmeeting 3.01: Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption. | 7.8 |
2006-06-08 | CVE-2006-2193 | Remote Buffer Overflow vulnerability in LibTIFF tiff2pdf: Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. | 7.5 |
2006-06-08 | CVE-2006-2904 | SQL Injection vulnerability in Particle Soft Particle Links 1.2.2: SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | 7.5 |
2006-06-07 | CVE-2006-2898 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk: The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. | 7.5 |