Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-25 | CVE-2006-5508 | SQL-Injection vulnerability in Woltlab Burning Book 1.1.2 Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. | 7.5 |
| 2006-10-25 | CVE-2006-5507 | Code Injection vulnerability in DER Dirigent DER Dirigent 1.0.3 Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/. | 7.5 |
| 2006-10-25 | CVE-2006-5506 | Code Injection vulnerability in Wiclear 0.10 Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/. | 7.5 |
| 2006-10-25 | CVE-2006-5505 | Remote File Include vulnerability in Ben3W 2Bgal 3.0 Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. | 7.5 |
| 2006-10-25 | CVE-2006-5504 | Cross-Site Scripting vulnerability in Simple Machines Forum Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter. network simple-machines | 4.3 |
| 2006-10-25 | CVE-2006-5503 | Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.1Rc2 Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. network simple-machines | 4.3 |
| 2006-10-25 | CVE-2006-5502 | Buffer Overflow vulnerability in AOL 9.0 Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. | 7.5 |
| 2006-10-25 | CVE-2006-5501 | Buffer Overflow vulnerability in AOL 9.0 Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. | 7.5 |
| 2006-10-25 | CVE-2006-5500 | SQL-Injection vulnerability in XChangeboard Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. | 5.1 |
| 2006-10-25 | CVE-2006-5499 | Cross-Site Scripting vulnerability in Serendipity Administration Page Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. network serendipity | 6.8 |