Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2006-04-20 | CVE-2006-1917 | SQL Injection vulnerability in Blackorpheus ClanMemberSkript 1.0 | SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter. | blackorpheus | 7.5 (network, low complexity) |
| 2006-04-20 | CVE-2006-1910 | Unspecified vulnerability in S9Y Serendipity 1.0Beta2 | config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. | s9y | 7.5 (network, low complexity) |
| 2006-04-20 | CVE-2006-1907 | SQL-Injection vulnerability in myEvent | Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. | mywebland | 7.5 (network, low complexity) |
| 2006-04-20 | CVE-2006-1905 | Remote Format String vulnerability in Xine Playlist Handling | Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. | xine | 7.5 (network, low complexity) |
| 2006-04-20 | CVE-2006-1900 | Remote Buffer Overflow vulnerability in W3C Amaya 9.4 | Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." | w3c | 7.6 (network, high complexity) |
| 2006-04-20 | CVE-2006-1890 | Code Injection vulnerability in myWebland myEvent 1.2/1.4 | Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter in (1) event.php and (2) initialize.php. | mywebland, CWE-94 | 7.5 (network, low complexity) |
| 2006-04-20 | CVE-2006-1877 | Multiple vulnerabilities in Oracle Database Server 8.1.7.4/9.0.1.5/9.2.0.7 | Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13. | oracle | 7.2 (local, low complexity) |
| 2006-04-20 | CVE-2006-1874 | Multiple vulnerabilities in Oracle Database Server 8.1.7.4/9.0.1.5/9.2.0.6 | Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. | oracle | 7.5 (network, low complexity) |
| 2006-04-20 | CVE-2006-1872 | Multiple vulnerabilities in Oracle April 2006 Security Update | Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07. | oracle | 7.5 (network, low complexity) |
| 2006-04-20 | CVE-2006-1868 | Buffer Errors vulnerability in Oracle Database Server 10.1.0.4 | Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03. | oracle, CWE-119 | 7.5 (network, low complexity) |