Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-03-10 CVE-2006-1149 Remote File Include vulnerability in Owl Intranet Engine
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
network
low complexity
owl
7.5
2006-03-10 CVE-2006-1148 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Peercast 0.1211/0.1212
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.
network
low complexity
peercast CWE-119
7.5
2006-03-10 CVE-2006-1141 Buffer Overflow vulnerability in Inter7 QmailAdmin PATH_INFO
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.
network
low complexity
inter7
7.5
2006-03-10 CVE-2006-1140 SQL Injection vulnerability in Redblog 0.5
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
network
low complexity
redblog
7.5
2006-03-10 CVE-2006-1132 SQL Injection vulnerability in Vbzoom 1.11
SQL injection vulnerability in show.php in vbzoom 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
network
low complexity
vbzoom
7.5
2006-03-10 CVE-2006-1129 Input Validation vulnerability in Ekinboard 1.0.3
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.
network
low complexity
ekinboard
7.5
2006-03-09 CVE-2006-1124 Remote Buffer Overflow vulnerability in RevilloC MailServer
Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command.
network
low complexity
revilloc-solutions
7.5
2006-03-09 CVE-2006-1111 HTML Injection vulnerability in Aztek Forum Aztek Forum 4.0
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection.
network
low complexity
aztek-forum
7.5
2006-03-09 CVE-2006-1109 SQL Injection vulnerability in Totalecommerce 1.0
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
totalecommerce
7.5
2006-03-09 CVE-2006-1104 Input Validation vulnerability in Pixelpost
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php.
network
low complexity
pixelpost
7.5