Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-06 | CVE-2006-0563 | SQL-Injection vulnerability in Pluggedout Blog 1.9.9C SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action. | 7.5 |
| 2006-02-04 | CVE-2006-0552 | Multiple vulnerability in Oracle January Security Update Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. | 7.5 |
| 2006-02-04 | CVE-2006-0551 | SQL-Injection vulnerability in Oracle10g Standard Edition SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2006-02-04 | CVE-2006-0550 | Denial-Of-Service vulnerability in Oracle Client Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. | 7.5 |
| 2006-02-04 | CVE-2006-0549 | SQL-Injection vulnerability in Oracle Database Server 10.1.0.5 SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2006-02-04 | CVE-2006-0548 | SQL-Injection vulnerability in Oracle Database Server 10.1.0.4.2 SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2006-02-04 | CVE-2006-0547 | SQL-Injection vulnerability in Oracle10g Personal Edition Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. | 7.5 |
| 2006-02-04 | CVE-2006-0546 | Remote Security vulnerability in Egeinternet Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. | 7.5 |
| 2006-02-04 | CVE-2006-0545 | SQL Injection vulnerability in UBB.Threads Showflat.PHP SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter. | 7.5 |
| 2006-02-04 | CVE-2006-0544 | Denial Of Service vulnerability in Microsoft IE 7.0 urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters. | 7.5 |