Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-23 | CVE-2006-0870 | SQL Injection vulnerability in MiniNuke CMS Pages.ASP SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-02-23 | CVE-2006-0868 | SQL Injection vulnerability in PEAR::Auth Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." | 7.5 |
2006-02-23 | CVE-2006-0858 | Local Privilege Escalation vulnerability in Safe'n'Sec Path Specification Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder. | 7.2 |
2006-02-23 | CVE-2006-0856 | SQL Injection vulnerability in Scriptme SME GB Host 1.21 SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter. | 7.5 |
2006-02-23 | CVE-2006-0720 | Buffer Overflow vulnerability in Nullsoft Winamp M3U File Processing Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | 7.6 |
2006-02-23 | CVE-2006-0812 | Local Privilege Escalation vulnerability in VisNetic AntiVirus The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges. | 7.2 |
2006-02-23 | CVE-2006-0854 | Code Injection vulnerability in Intensive Point Iuser Ecommerce PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | 7.5 |
2006-02-23 | CVE-2006-0852 | Remote PHP Script Code Execution vulnerability in Admbook Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. | 7.5 |
2006-02-23 | CVE-2006-0851 | SQL Injection vulnerability in IlchClan SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost. | 7.5 |
2006-02-23 | CVE-2006-0850 | SQL-Injection vulnerability in ilchClan SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. | 7.5 |