Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-30 | CVE-2006-1506 | Local Security vulnerability in Grid Engine Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. | 7.2 |
2006-03-30 | CVE-2006-1501 | SQL Injection vulnerability in Oneorzero 1.6.3.0 SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action. | 7.5 |
2006-03-30 | CVE-2006-1500 | SQL Injection vulnerability in Tilde CMS 3.0 SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-03-30 | CVE-2006-1499 | SQL Injection vulnerability in Source Workshop Vcounter 1.0 SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable). | 7.5 |
2006-03-30 | CVE-2006-1495 | SQL Injection vulnerability in PhpCollab Sendpassword.PHP SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option. | 7.5 |
2006-03-29 | CVE-2006-1491 | Code Injection vulnerability in Horde Application Framework Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | 7.5 |
2006-03-29 | CVE-2006-1489 | SQL Injection vulnerability in Fusionzone Couponzone 4.2 Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters. | 7.5 |
2006-03-29 | CVE-2006-1484 | Local Privilege Escalation vulnerability in Genius VideoCAM NB Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog. | 7.2 |
2006-03-29 | CVE-2006-1478 | File-Upload vulnerability in Turnkey web Tools PHP Live Helper 1.8 Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. | 7.5 |
2006-03-29 | CVE-2006-1477 | Remote File Include vulnerability in Turnkey web Tools PHP Live Helper 1.8 Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php. | 7.5 |