Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Access vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2006-01-19 | CVE-2006-0324 | SQL Injection vulnerability in Webspot Webspotblogging 3.0 | SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. | network | low complexity | webspot | | 7.5 |
| 2006-01-19 | CVE-2006-0320 | SQL Injection vulnerability in Bit 5 Blog | SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. | network | low complexity | bit-5-blog | | 7.5 |
| 2006-01-19 | CVE-2006-0318 | SQL Injection vulnerability in Insane Visions Blogphp 1.0 | SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | network | low complexity | insane-visions | CWE-89 | 7.5 |
| 2006-01-19 | CVE-2006-0314 | SQL-Injection vulnerability in pdfdirectory | PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities. | network | low complexity | pdfdirectory | | 7.5 |
| 2006-01-19 | CVE-2006-0313 | SQL Injection vulnerability in PDFDirectory | Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php. | network | low complexity | pdfdirectory | | 7.5 |
| 2006-01-19 | CVE-2006-0308 | Code Injection vulnerability in Htmltonuke 2.0Alpha | PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter. | network | low complexity | htmltonuke | CWE-94 | 7.5 |
| 2006-01-19 | CVE-2006-0305 | Remote Administrative Access vulnerability in Clipcomm Cp-100E Voip Wifi Phone and Cpw-100E Voip Wifi Phone | Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug service on TCP port 60023. | network | low complexity | clipcomm | | 7.5 |
| 2006-01-19 | CVE-2006-0304 | Remote Buffer Overflow vulnerability in Achal Dhir Dual Dhcp DNS Server 1.0 | Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field. | network | low complexity | achal-dhir | | 7.5 |
| 2006-01-18 | CVE-2006-0255 | Local Privilege Escalation vulnerability in Checkpoint Vpn-1 4.1 | Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. | local | low complexity | checkpoint | | 7.2 |
| 2006-01-18 | CVE-2006-0252 | SQL Injection vulnerability in Benders Calendar | SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters. | network | low complexity | benders-calendar | | 7.5 |