Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-03-19 CVE-2006-1291 Unspecified vulnerability in PHP Icalendar PHP Icalendar
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
network, low complexity, php-icalendar, 7.5

2006-03-19 CVE-2006-1289 Input Validation vulnerability in Milkeyway Captive Portal 0.1/0.1.1
Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php.
network, low complexity, milkeyway, 7.5

2006-03-19 CVE-2006-1288 SQL-Injection vulnerability in Invision Power Services Invision Power Board 2.0.4/2.1.4
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.
network, low complexity, invision-power-services, 7.5

2006-03-19 CVE-2006-1280 Information Disclosure vulnerability in CGI::Session
CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.
network, low complexity, sherzod-ruzmetov, 7.5

2006-03-19 CVE-2006-1274 Local Privilege Escalation vulnerability in Avira Antivir Personal 7
Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports.
local, low complexity, avira, 7.2

2006-03-19 CVE-2006-1271 SQL Injection vulnerability in Oxynews
SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter.
network, low complexity, oxynews, 7.5

2006-03-19 CVE-2006-1268 Denial Of Service vulnerability in Funkwerk X2300 7.2.1
The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite.
network, low complexity, funkwerk, 7.8

2006-03-19 CVE-2006-1265 SQL Injection vulnerability in Xhawk.Net Discussion 2.0Beta2
SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter.
network, low complexity, xhawk-net, 7.5

2006-03-19 CVE-2006-1262 Input Validation vulnerability in Aspportal 3.0.0
Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.
network, low complexity, aspportal, 7.5

2006-03-19 CVE-2006-1259 SQL-Injection vulnerability in Maian Support 1.0
Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.
network, low complexity, maian, 7.5