Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2006-01-14 | CVE-2006-0209 | SQL Injection vulnerability in Tanklogger 2.4 | SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php. | network | low complexity | tanklogger | 7.5 |
| 2006-01-13 | CVE-2006-0206 | Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0 | Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | network | low complexity | light-weight-calendar | 7.5 |
| 2006-01-13 | CVE-2006-0199 | SQL Injection vulnerability in Mini-Nuke CMS System | SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | network | low complexity | mini-nuke CWE-89 | 7.5 |
| 2006-01-13 | CVE-2006-0192 | SQL Injection vulnerability in Philip Loftin Aspsurvey 1.10 | SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | network | low complexity | philip-loftin CWE-89 | 7.5 |
| 2006-01-13 | CVE-2006-0190 | Privilege Escalation vulnerability in SUN Solaris 10.0/9.0 | Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. | local | low complexity | sun | 7.2 |
| 2006-01-13 | CVE-2006-0189 | Remote Buffer Overflow vulnerability in Estara Softphone 3.0.1.14/3.0.1.46 | Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. | network | low complexity | estara | 7.5 |
| 2006-01-12 | CVE-2006-0184 | SQL-Injection vulnerability in Asptopsites | Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. | network | low complexity | mainenet-enterprises | 7.5 |
| 2006-01-12 | CVE-2006-0182 | Security Bypass vulnerability in Acal Calendar Project 2.2.5 | login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". | network | low complexity | acal | 7.5 |
| 2006-01-12 | CVE-2006-0181 | Unspecified vulnerability in Cisco Cs-Mars 4.1/4.1.2 | Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. | local | low complexity | cisco | 7.2 |
| 2006-01-11 | CVE-2006-0178 | Local Command Line Argument Buffer Overflow vulnerability in Cray Unicos 9.0.2.2 | Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. | local | low complexity | cray | 7.2 |