Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-07 | CVE-2006-1028 | Denial-Of-Service vulnerability in Joomla 1.0.7: feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php. | 7.8 |
2006-03-07 | CVE-2006-1026 | Remote Security vulnerability in JFacets: JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID. | 7.5 |
2006-03-07 | CVE-2006-1024 | SQL Injection vulnerability in Addsoft Storebot 2005: SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. | 7.5 |
2006-03-07 | CVE-2006-1020 | SQL Injection vulnerability in Johnny Vegas Forum 1.0: SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.5 |
2006-03-07 | CVE-2006-1018 | SQL Injection vulnerability in Dci-Designs Dawaween 1.03: SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | 7.5 |
2006-03-07 | CVE-2006-1016 | Unspecified vulnerability in Microsoft Internet Explorer 6.0: Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. | 7.5 |
2006-03-07 | CVE-2006-1013 | Unspecified vulnerability in Smartblog 1.2: PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter. | 7.5 |
2006-03-06 | CVE-2006-1012 | SQL Injection vulnerability in Wordpress 1.5.2: SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. | 7.5 |
2006-03-06 | CVE-2006-1007 | Input Validation vulnerability in Nathan Landry N8Cms Sitesuite CMS 1.1/1.2: Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php. | 7.5 |
2006-03-06 | CVE-2006-1006 | SQL Injection vulnerability in Sendcard: Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |