Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-01-25 | CVE-2006-0412 | SQL Injection vulnerability in Gencbeyin web Programlama Cybershop | 7.5
SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
network | low complexity | gencbeyin-web-programlama | CWE-89

2006-01-25 | CVE-2006-0408 | Local Privilege Escalation vulnerability in SUN Grid Engine 6.0 | 7.2
rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.
local | low complexity | sun

2006-01-25 | CVE-2006-0403 | SQL Injection vulnerability in E-Moblog 1.3 | 7.5
Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php.
network | low complexity | e-moblog | CWE-89

2006-01-25 | CVE-2006-0402 | SQL Injection vulnerability in Zoph 0.3.3/0.4 | 7.5
SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands.
network | low complexity | jason-geiger

2006-01-22 | CVE-2006-0376 | Remote Security vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP | 7.5
The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place.
network | low complexity | microsoft

2006-01-22 | CVE-2006-0374 | Improper Authentication vulnerability in Advantage Century Telecommunication P202S 1.01.21Firmware1.1.21 | 7.5
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).

2006-01-22 | CVE-2006-0372 | SQL Injection vulnerability in Insane Visions Blogphp 1.0 | 7.5
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.
network | low complexity | insane-visions

2006-01-22 | CVE-2006-0368 | Remote Denial Of Service vulnerability in Cisco CallManager | 7.8
Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.
network | low complexity | cisco

2006-01-22 | CVE-2006-0359 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Counterpath Eyebeam SIP Softphone | 7.5
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
network | low complexity | counterpath | CWE-119

2006-01-22 | CVE-2006-0358 | Cross-Site Scripting vulnerability in Powerportal 1.1B/1.3/1.3B | 7.5
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php.
network | low complexity | powerportal