Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-01-09 | CVE-2006-0135 | Input Validation vulnerability in TheWebForum | 7.5
SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).
network | low complexity | thewebforum

2006-01-09 | CVE-2006-0130 | Remote Security vulnerability in MailSite | 7.5
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account.
network | low complexity | rockliffe

2006-01-09 | CVE-2006-0123 | SQL Injection vulnerability in ADN Forum ADN Forum 1.0/1.0B | 7.5
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.
network | low complexity | adn-forum | CWE-89

2006-01-09 | CVE-2006-0115 | SQL Injection vulnerability in Oneplug Solutions Oneplug CMS | 7.5
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
network | low complexity | oneplug-solutions | CWE-89

2006-01-07 | CVE-2006-0108 | SQL-Injection vulnerability in Timecan CMS | 7.5
SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter.
network | low complexity | idea-development-id-oy

2006-01-07 | CVE-2006-0107 | SQL Injection vulnerability in Timecan CMS ViewID | 7.5
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter.
network | low complexity | idea-development-id-oy

2006-01-06 | CVE-2006-0106 | Remote Security vulnerability in Wine | 7.5
gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase.
network | low complexity | wine

2006-01-06 | CVE-2006-0099 | Remote File Include vulnerability in Valdersoft Shopping Cart 3.0 | 7.5
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter.
network | low complexity | valdersoft

2006-01-06 | CVE-2006-0097 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP | 7.5
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.
network | low complexity | php | CWE-119

2006-01-05 | CVE-2006-0094 | Code Injection vulnerability in Oaboard 1.0 | 7.5
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076.
network | low complexity | oaboard | CWE-94