Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-05 | CVE-2006-2214 | SQL Injection vulnerability in 4Images Image Gallery Management System 1.7.1 Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. | 7.5 |
2006-05-04 | CVE-2006-2183 | Local Security vulnerability in Truecrypt Foundation Truecrypt 4.1 Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command. | 7.2 |
2006-05-04 | CVE-2006-2179 | Input Validation vulnerability in CyberBuild Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm. | 7.5 |
2006-05-04 | CVE-2006-2172 | Commands Remote Buffer Overflow vulnerability in Gene6 G6 FTP Server 3.1 Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer. | 7.5 |
2006-05-04 | CVE-2006-2168 | Authentication Bypass vulnerability in FileProtection Express 1.0/1.0.1 FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. | 7.5 |
2006-05-04 | CVE-2006-2164 | SQL-Injection vulnerability in Avactis Shopping Cart Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. | 7.5 |
2006-05-03 | CVE-2006-2157 | SQL Injection vulnerability in Plogger 2.1 SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". | 7.5 |
2006-05-03 | CVE-2006-2154 | Local Privilege Escalation vulnerability in EMC Dantz Retrospect Backup Server EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. | 7.2 |
2006-05-03 | CVE-2006-2152 | Remote File Include vulnerability in Advanced GuestBook Addentry.PHP PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | 7.5 |
2006-05-03 | CVE-2006-2151 | Remote Security vulnerability in Phpbb Toplist PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | 7.5 |