Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-06-05 CVE-2006-2822 SQL-Injection vulnerability in Xfairguy CodeAvalanche FreeForum 1.0
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
network
low complexity
xfairguy
7.5
2006-06-05 CVE-2006-2819 Remote File Include vulnerability in Igloo
PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter.
network
low complexity
barnraiser
7.5
2006-06-05 CVE-2006-2818 Remote File Include vulnerability in Cameron McKay Informium 0.12.0
PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter.
network
low complexity
cameron-mckay
7.5
2006-06-05 CVE-2006-2817 SQL Injection vulnerability in tekno.Portal bolum.php
SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
tekno-portal
7.5
2006-06-05 CVE-2006-2814 Buffer Overflow vulnerability in iShopCart
Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data.
network
low complexity
ishopcart
7.5
2006-06-05 CVE-2006-2813 Directory Traversal vulnerability in iShopCart easy-scart.cgi
Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a ..
network
low complexity
ishopcart
7.8
2006-06-05 CVE-2006-2811 Remote File Include vulnerability in Cantico Ovidentia 5.8.0
Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts.
network
low complexity
cantico
7.5
2006-06-05 CVE-2006-2806 Denial Of Service vulnerability in Apache James 2.2.0
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
network
low complexity
apache
7.8
2006-06-03 CVE-2006-2801 Input Validation vulnerability in Unak CMS
Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters.
network
low complexity
unak
7.5
2006-06-03 CVE-2006-2797 SQL-Injection vulnerability in phpCommunityCalendar 4.0.3
Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php.
network
low complexity
phpcommunitycalendar
7.5