Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-02-02 CVE-2006-0520 SQL Injection vulnerability in Dragoran Portal Module 1.3
SQL injection vulnerability in index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter.
network
low complexity
dragoran
7.5
2006-02-02 CVE-2006-0517 SQL Injection vulnerability in SPIP
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
network
low complexity
spip
7.5
2006-02-01 CVE-2006-0510 SQL Injection vulnerability in Daffodil Software Daffodil CRM 1.5
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action.
network
low complexity
daffodil-software CWE-89
7.5
2006-02-01 CVE-2006-0502 Remote File Include vulnerability in FarsiNews loginout.php
PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter.
network
low complexity
farsinews
7.5
2006-02-01 CVE-2006-0500 Remote Security vulnerability in Punctweb MyCO Guestbook 1.0
MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL.
network
low complexity
punctweb
7.5
2006-02-01 CVE-2006-0497 Cross-Site Scripting vulnerability in PHP GEN
Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors.
network
low complexity
php-gen
7.5
2006-02-01 CVE-2006-0492 SQL Injection vulnerability in Vincent HOR Calendarix 0.6.20050830
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php.
network
low complexity
vincent-hor
7.5
2006-02-01 CVE-2006-0491 SQL Injection vulnerability in Subzane SZUserMgnt 1.4
SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.
network
low complexity
subzane
7.5
2006-02-01 CVE-2006-0490 SQL Injection vulnerability in ASPThai Forums login.asp
SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums 8.0 and earlier allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the password field.
network
low complexity
aspthai-net
7.5
2006-01-31 CVE-2006-0483 Remote Denial of Service vulnerability in Cisco products
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
network
low complexity
cisco
7.8