Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-01 | CVE-2006-0947 | Cross-Site Scripting vulnerability in Thomson SpeedTouch 500 Series: Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. | 7.5 |
2006-03-01 | CVE-2006-0944 | Authentication Bypass vulnerability in Archangelmgt Weblog 0.90.02: Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. | 7.5 |
2006-03-01 | CVE-2006-0943 | SQL-Injection vulnerability in Pwsphp 1.2.3: SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
2006-03-01 | CVE-2006-0942 | SQL Injection vulnerability in PwsPHP: SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509. | 7.5 |
2006-03-01 | CVE-2006-0940 | Input Validation vulnerability in Cynical Games Shoutlive 1.1.0: Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php. | 7.5 |
2006-03-01 | CVE-2006-0939 | SQL Injection vulnerability in Dci-Designs Dci-Taskeen 1.03: SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php. | 7.5 |
2006-02-28 | CVE-2006-0919 | SQL-Injection vulnerability in OI Email Marketing System 3.0: SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | 7.5 |
2006-02-28 | CVE-2006-0918 | Remote Buffer Overflow vulnerability in Ritlabs the BAT 3.60.07: Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field. | 7.5 |
2006-02-28 | CVE-2006-0916 | Information Disclosure vulnerability in Bugzilla User Credentials: Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. | 7.5 |
2006-02-28 | CVE-2006-0915 | Unspecified vulnerability in Mozilla Bugzilla 2.16.10: Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. | 7.5 |