Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-10 CVE-2006-2286 Code Injection vulnerability in Dokeos and Dokeos Community Release
Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php.
network
dokeos CWE-94
6.8
2006-05-10 CVE-2006-2285 Remote File Include vulnerability in Claroline
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
network
high complexity
dokeos
5.1
2006-05-10 CVE-2006-2284 Remote File Include vulnerability in Claroline
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.
network
claroline dokeos
6.8
2006-05-10 CVE-2006-2283 Remote File Include vulnerability in PHPRaid
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3) auth.php and (4) auth_SMF when the SMF portal is enabled.
network
low complexity
spiffyjr
7.5
2006-05-10 CVE-2006-2282 HTML Injection vulnerability in X7 Group X7 Chat 2.0.2
Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.
network
x7-group
4.3
2006-05-10 CVE-2006-2281 Code Injection vulnerability in X-Scripts X-Poll 2.30
X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it.
network
low complexity
x-scripts CWE-94
7.5
2006-05-10 CVE-2006-2280 Unspecified vulnerability in Openengine 1.7.1/1.8Beta2
Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a ..
network
low complexity
openengine
5.0
2006-05-10 CVE-2006-2279 SQL Injection vulnerability in Arabless Saphplesson 3.0
Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.
network
low complexity
arabless
7.5
2006-05-10 CVE-2006-2278 Remote Security vulnerability in Arabless Saphplesson 3.0
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via a non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
network
low complexity
arabless
5.0
2006-05-10 CVE-2006-2277 Remote Denial Of Service vulnerability in Apple Mac OS X ImageIO OpenEXR Image File
Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.
network
low complexity
apple
5.0