Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2006-01-10 | CVE-2006-0160 | SQL Injection vulnerability in Venom Board Venom Board 1.22 | SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3. | network | low | venom-board CWE-89 | 7.5 |
| 2006-01-10 | CVE-2006-0159 | SQL Injection vulnerability in Javier Suarez Sanz Foro Domus 2.10 | SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. | network | low | javier-suarez-sanz CWE-89 | 7.5 |
| 2006-01-10 | CVE-2006-0158 | SQL-Injection vulnerability in Sitesuite Cms | SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | network | low | cyberdoc | 7.5 |
| 2006-01-10 | CVE-2006-0154 | SQL Injection vulnerability in 427BB Showthread.PHP | SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter. | network | low | 427bb | 7.5 |
| 2006-01-10 | CVE-2006-0153 | Authentication Bypass vulnerability in 427BB | 427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie. | network | low | 427bb | 7.5 |
| 2006-01-09 | CVE-2006-0151 | | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. | local | low | todd-miller ubuntu | 7.2 |
| 2006-01-09 | CVE-2006-0147 | Remote Security vulnerability in Moodle | Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. | | | | 7.5 |
| 2006-01-09 | CVE-2006-0144 | Code Injection vulnerability in multiple products | The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. | network | low | apache2triad php CWE-94 | 7.5 |
| 2006-01-09 | CVE-2006-0143 | Resource Management Errors vulnerability in Microsoft products | Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. | network | low | microsoft CWE-399 | 7.5 |
| 2006-01-09 | CVE-2006-0137 | Input Validation vulnerability in Phanatic Softwares Chimera web Portal 0.2 | SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low | phanatic-softwares | 7.5 |