Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-27 | CVE-2006-2067 | Input Validation vulnerability in Mkportal 1.1 SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 7.5 |
2006-04-27 | CVE-2006-2065 | SQL Injection vulnerability in PHPSurveyor SurveyID Parameter SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. | 7.5 |
2006-04-27 | CVE-2006-1514 | Remote Buffer Overflow vulnerability in Abcmidi 20041204/20050101 Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript. | 7.5 |
2006-04-26 | CVE-2006-2044 | Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34 na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin. | 7.5 |
2006-04-26 | CVE-2006-2039 | SQL Injection vulnerability in Help Center Live OSTicket Module Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2006-04-26 | CVE-2006-2038 | SQL-Injection vulnerability in Ampleshop Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm. | 7.5 |
2006-04-26 | CVE-2006-2034 | Input Validation vulnerability in Flexbb 0.5.5 SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php. | 7.5 |
2006-04-25 | CVE-2006-2022 | Remote Buffer Overflow and Denial Of Service vulnerability in Fenice Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL. | 7.5 |
2006-04-25 | CVE-2006-2020 | Information Disclosure vulnerability in Asterisk Recording Interface Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information. | 7.8 |
2006-04-25 | CVE-2006-2018 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. | 7.5 |