Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-04-21 CVE-2006-1982 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
network
low complexity
apple CWE-119
7.5
2006-04-21 CVE-2006-1978 SQL Injection vulnerability in FlexBB
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
network
low complexity
flexbb CWE-89
7.5
2006-04-21 CVE-2006-1974 SQL Injection vulnerability in MyBB index.php Referrer Cookie
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.
network
low complexity
mybulletinboard
7.5
2006-04-21 CVE-2006-1964 SQL Injection vulnerability in ASPSitem 1.83
SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
aspsitem
7.5
2006-04-21 CVE-2006-1962 SQL Injection vulnerability in PCPIN Chat
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
network
low complexity
pcpin CWE-89
7.5
2006-04-21 CVE-2006-1961 Local Privilege Escalation vulnerability in Multiple Linux-Based Cisco Products
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).
network
low complexity
cisco
7.5
2006-04-21 CVE-2006-1959 Remote File Include vulnerability in ActualScripts ActualAnalyzer 2.72/7.63
PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.
network
low complexity
actualscripts
7.5
2006-04-20 CVE-2006-1949 SQL Injection vulnerability in PlexCart
SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
network
low complexity
nicplex
7.5
2006-04-20 CVE-2006-1947 SQL Injection vulnerability in Plexum
Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.
network
low complexity
nicplex
7.5
2006-04-20 CVE-2006-1919 Remote File Include vulnerability in Thomas Voecking Internet Photoshow 1.3
PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
network
low complexity
thomas-voecking
7.5