Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-02-13 | CVE-2006-0654 | Input Validation vulnerability in Hinton Design PHPht Topsites 1.3 | 7.5, network, low complexity
check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies.
hinton-design

2006-02-13 | CVE-2006-0653 | Input Validation vulnerability in Hinton Design PHPht Topsites 1.3 | 7.5, network, low complexity
Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter.
hinton-design

2006-02-13 | CVE-2006-0651 | SQL Injection vulnerability in vwdev | 7.5, network, low complexity
SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page.
vwdev

2006-02-13 | CVE-2006-0056 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pam-Mysql | 7.5, network, low complexity
Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function.
pam-mysql, CWE-119

2006-02-10 | CVE-2006-0645 | Denial of Service vulnerability in GNUTLS LibTASN1 DER Decoding | 7.5, network, low complexity
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
free-software-foundation-inc

2006-02-10 | CVE-2006-0644 | Remote Command Execution vulnerability in Cpg-Nuke Dragonfly CMS 9.0.6.1 | 7.5, network, low complexity
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.
cpg-nuke

2006-02-10 | CVE-2006-0637 | Remote Security vulnerability in Qualcomm Eudora Worldmail 3.0 | 7.5, network, low complexity
Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worldmail.pl.
qualcomm

2006-02-10 | CVE-2006-0636 | Remote Command Execution vulnerability in EyeOS Session | 7.5, network, low complexity
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.
eyeos-project

2006-02-10 | CVE-2006-0628 | Remote Security vulnerability in Dale RAY Myquiz 1.01 | 7.5, network, low complexity
myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.
dale-ray

2006-02-09 | CVE-2006-0626 | SQL Injection vulnerability in Spip 1.8.2G | 7.5, network, low complexity
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
spip