Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-04-13 CVE-2006-1772 Local Database Administrator Password Disclosure vulnerability in Debian Linux 3.1
debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password.
local
low complexity
debian
7.2
2006-04-13 CVE-2006-1771 Directory Traversal vulnerability in Saxopress URL Parameter
Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus), allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a ..
network
low complexity
saxotech
7.5
2006-04-13 CVE-2006-1767 Remote File Include vulnerability in Indexu 5.0/5.0.1
Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.
network
low complexity
nicecoder
7.5
2006-04-13 CVE-2006-1764 Information Disclosure vulnerability in Hosting Controller
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials.
network
low complexity
hosting-controller
7.8
2006-04-13 CVE-2006-1762 Input Validation vulnerability in Blursoft Blur6Ex 0.3.462
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter.
network
low complexity
blursoft
7.5
2006-04-13 CVE-2006-1758 Input Validation vulnerability in Bill Shupp Vegadns 0.99
SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
network
low complexity
bill-shupp
7.5
2006-04-13 CVE-2006-1756 SQL Injection vulnerability in Matthew Dingley MD News 1
MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area.
network
low complexity
matthew-dingley
7.5
2006-04-13 CVE-2006-1755 SQL Injection vulnerability in Matthew Dingley MD News 1
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
matthew-dingley
7.5
2006-04-13 CVE-2006-1754 SQL Injection vulnerability in Swsoft Confixx 3.0.6/3.0.8/3.1.2
SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter.
network
low complexity
swsoft
7.5
2006-04-12 CVE-2006-1751 SQL Injection vulnerability in Michiel VAN Baak Mvblog
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
michiel-van-baak CWE-89
7.5