Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-02-19 | CVE-2006-0772 | SQL Injection vulnerability in Hitachi Business Logic 0203/0300 | SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | 7.5 |
2006-02-18 | CVE-2006-0769 | Local Privilege Escalation vulnerability in SUN Solaris 10.0 | Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors. | 7.2 |
2006-02-18 | CVE-2006-0759 | Unspecified vulnerability in Hivemail | Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled. | 7.5 |
2006-02-18 | CVE-2006-0757 | Unspecified vulnerability in Hivemail | Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators. | 7.5 |
2006-02-18 | CVE-2006-0750 | SQL Injection vulnerability in Supersmashbrothers Army System 2.1.0Foripb | SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | 7.5 |
2006-02-17 | CVE-2006-0460 | Buffer Overflow vulnerability in BomberClone Error Messages | Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages. | 7.5 |
2006-02-16 | CVE-2006-0679 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.8 | SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | 7.5 |
2006-02-16 | CVE-2006-0729 | SQL Injection vulnerability in Teca Scripts Teca Diary Personal1.0 | SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. | 7.5 |
2006-02-16 | CVE-2006-0728 | SQL Injection vulnerability in WebSPELL Search.PHP | SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. | 7.5 |
2006-02-16 | CVE-2006-0727 | SQL Injection vulnerability in Musox DF Msanalysis 1.0.1 | SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name. | 7.5 |