Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-02-09 | CVE-2006-0624 | SQL Injection vulnerability in Webeveyn Whomp! Real Estate Manager Login | network, low complexity, webeveyn, 7.5
SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

2006-02-09 | CVE-2006-0623 | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.3.0 | local, low complexity, qnx, 7.2
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.

2006-02-09 | CVE-2006-0621 | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.0 | local, low complexity, qnx, 7.2
Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.

2006-02-09 | CVE-2006-0611 | Directory Traversal vulnerability in Atmail 4.3 | network, low complexity, atmail, 7.5
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a ..

2006-02-09 | CVE-2006-0610 | SQL Injection vulnerability in 2200Net Calendar 1.2 | network, low complexity, 2200net, 7.5
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php.

2006-02-08 | CVE-2006-0608 | Input Validation And Authentication Bypass vulnerability in Hinton Design PHPhd 1.0 | network, low complexity, hinton-design, 7.5
Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database.

2006-02-08 | CVE-2006-0607 | Input Validation And Authentication Bypass vulnerability in Hinton Design PHPhd 1.0 | network, low complexity, hinton-design, 7.5
check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication.

2006-02-08 | CVE-2006-0606 | Input Validation vulnerability in Unknown Domain Shoutbox 20050721 | network, low complexity, unknown-domain, 7.5
SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

2006-02-08 | CVE-2006-0604 | Input Validation vulnerability in Hinton Design PHPhg Guestbook 1.2 | network, low complexity, hinton-design, 7.5
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access.

2006-02-08 | CVE-2006-0602 | SQL Injection vulnerability in Hinton Design PHPhg Guestbook 1.2 | network, low complexity, hinton-design, CWE-89, 7.5
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php.