Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-05-10 | CVE-2006-2279 | SQL Injection vulnerability in Arabless Saphplesson 3.0 | Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php. | 7.5 |
2006-05-10 | CVE-2006-0561 | Unspecified vulnerability in Cisco Secure Access Control Server | Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. | 7.2 |
2006-05-10 | CVE-2006-0034 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products | Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. | 7.5 |
2006-05-10 | CVE-2006-0027 | Remote Code Execution vulnerability in Microsoft Exchange Server Calendar | Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | 7.5 |
2006-05-09 | CVE-2006-2275 | Improper Locking vulnerability in multiple products | Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer." | 7.5 |
2006-05-09 | CVE-2006-2042 | SQL Injection vulnerability in Adobe Dreamweaver Generated Code | Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. | 7.5 |
2006-05-09 | CVE-2006-2270 | Remote File Include vulnerability in Jetbox CMS 2.1 | PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter. | 7.5 |
2006-05-09 | CVE-2006-2268 | SQL Injection vulnerability in Flexcustomer 0.0.1/0.0.4 | SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. | 7.5 |
2006-05-09 | CVE-2006-2266 | SQL Injection vulnerability in Chirpy 0.1 | SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
2006-05-09 | CVE-2006-2263 | SQL Injection vulnerability in Virtual Programming Vp-Asp 6.00 | SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |