Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2006-04-18 | CVE-2006-1804 | SQL-Injection vulnerability in PHPmyadmin 2.7.0Pl1/2.8.0.3 | SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | network | low complexity | phpmyadmin | 7.5 |
| 2006-04-18 | CVE-2006-1800 | Remote Arbitrary Command Execution vulnerability in Simplebbs 1.0.6/1.0.7/1.1 | Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by injecting the code into the gl_session cookie of users.php, which is stored in error.log. | network | low complexity | simplemedia | 7.5 |
| 2006-04-18 | CVE-2006-1799 | Remote Arbitrary Command Execution vulnerability in Censtore | censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | network | low complexity | adcentrix | 7.5 |
| 2006-04-18 | CVE-2006-1798 | SQL Injection vulnerability in Rateit 2.2 | SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote attackers to execute arbitrary SQL commands via the rateit_id parameter. | network | low complexity | rateit | 7.5 |
| 2006-04-17 | CVE-2006-1794 | SQL Injection vulnerability in Mambo Open Source | SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). | network | high complexity | mambo | 7.6 |
| 2006-04-17 | CVE-2006-1793 | Remote Code Execution vulnerability in Runcms 1.1/1.1A | Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. | network | high complexity | runcms | 7.6 |
| 2006-04-14 | CVE-2006-1791 | Cross-Site Scripting vulnerability in JL Webworks Quickblogger 1.4 | Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. | network | low complexity | jl-webworks | 7.5 |
| 2006-04-14 | CVE-2006-1727 | | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". | network | high complexity | mozilla canonical | 7.6 |
| 2006-04-14 | CVE-2006-1724 | | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. | network | low complexity | mozilla debian | 7.5 |
| 2006-04-14 | CVE-2006-1723 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. | network | low complexity | mozilla | 7.5 |