Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-01-03 | CVE-2006-0067 | SQL Injection vulnerability in VEGO Links Builder Login Script SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-01-03 | CVE-2006-0066 | SQL Injection vulnerability in PHPjournaler 1.0 SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. | 7.5 |
2006-01-03 | CVE-2006-0065 | SQL Injection vulnerability in VEGO Web Forum Theme_ID SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php. | 7.5 |
2006-01-03 | CVE-2006-0064 | Code Injection vulnerability in Devellion Cubecart PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | 7.5 |
2005-12-31 | CVE-2005-4875 | Information Exposure vulnerability in Typo3 0.4.1/1.1/3.7.0 TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. | 7.5 |
2005-12-31 | CVE-2005-4873 | Buffer Errors vulnerability in Cups 1.1.23 Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c. | 7.5 |
2005-12-31 | CVE-2005-4868 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | 7.1 |
2005-12-31 | CVE-2005-4864 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. | 7.2 |
2005-12-31 | CVE-2005-4863 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | 7.2 |
2005-12-31 | CVE-2005-4861 | Improper Authentication vulnerability in Jasio.Net Ragnarok Online Control Panel 4.3.4A functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | 7.5 |