DATE CVE VULNERABILITY TITLE RISK
2006-03-31 CVE-2006-1557 SQL Injection vulnerability in Skintech X-Changer 0.20
Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php.
network
low complexity
skintech
7.5
2006-03-31 CVE-2006-1555 Authentication Bypass vulnerability in Tachyon Vsns Lemon 3.2.0
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic.
network
low complexity
tachyon
7.5
2006-03-30 CVE-2006-1550 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in DIA
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
network
high complexity
dia CWE-119
7.6
2006-03-30 CVE-2006-1547 Unspecified vulnerability in Apache Commons Beanutils and Struts
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
network
low complexity
apache
7.5
2006-03-30 CVE-2006-1543 SQL Injection vulnerability in Vscripts Vnews 1.2
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php.
network
low complexity
vscripts
7.5
2006-03-30 CVE-2006-1541 SQL Injection vulnerability in EzASPSite Default.ASP
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.
network
low complexity
ezaspsite
7.8
2006-03-30 CVE-2006-1539 Local Privilege Escalation vulnerability in Bsd-Games Tetris-Bsd Gold
Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd.
network
low complexity
bsd-games
7.5
2006-03-30 CVE-2006-1536 SQL Injection vulnerability in Phxcontacts 0.93/0.93.1
Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.
network
low complexity
phoetux-net
7.5
2006-03-30 CVE-2006-1534 SQL Injection vulnerability in Null News
Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php.
network
low complexity
null-news
7.5
2006-03-30 CVE-2006-1533 SQL Injection vulnerability in Sourceworkshop Newsletter 1.0
SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter.
network
low complexity
sourceworkshop
7.5