Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-02-21 | CVE-2006-0809 | Input Validation vulnerability in Skate Board Skate Board 0.9 | Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. | 7.5 |
2006-02-21 | CVE-2006-0805 | Unspecified vulnerability in Francisco Burzi PHP-Nuke | The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | 7.5 |
2006-02-21 | CVE-2006-0804 | Buffer Overflow vulnerability in TIN News Reader | Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. | 7.5 |
2006-02-19 | CVE-2006-0797 | Remote Denial of Service vulnerability in Nokia N70 L2CAP Packets | Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). | 7.8 |
2006-02-19 | CVE-2006-0791 | Remote File Include vulnerability in Dreamcost Hostadmin 3.0 | PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use. | 7.5 |
2006-02-19 | CVE-2006-0782 | Input Validation and Information Disclosure vulnerability in Perlblog 1.08/1.09/1.09B | Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving injection of (2) the name parameter and (3) the body parameter. | 7.5 |
2006-02-19 | CVE-2006-0778 | Unspecified vulnerability in XMB Forum XMB | Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. | 7.5 |
2006-02-19 | CVE-2006-0777 | Input Validation vulnerability in Teca Scripts Guestex 1.0 | Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. | 7.5 |
2006-02-19 | CVE-2006-0775 | SQL Injection vulnerability in Ridder Roeland Birthsys 3.1 | Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. | 7.5 |
2006-02-19 | CVE-2006-0774 | SQL Injection vulnerability in Lawrence Osiris DB_eSession Class | SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID. | 7.5 |