Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2006-12-15 | CVE-2006-6594 | SQL-Injection vulnerability in Scriptmate User Manager 2.0 | SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter. | network | low complexity | scriptmate | 7.5 |
| 2006-12-15 | CVE-2006-6593 | Remote File Include vulnerability in PHPBB Amazonia Component Zufallscodepart.PHP | PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | network | low complexity | phpbb | 7.5 |
| 2006-12-15 | CVE-2006-6592 | Remote File Include vulnerability in PHP Bloq 0.5.4 | Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php. | network | low complexity | php | 7.5 |
| 2006-12-15 | CVE-2006-6591 | Remote Security vulnerability in Exlor 1.0 | PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter. | network | low complexity | exlor | 7.5 |
| 2006-12-15 | CVE-2006-6590 | Remote Security vulnerability in AR Memberscript | PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. | network | low complexity | php | 7.5 |
| 2006-12-15 | CVE-2006-6588 | Remote Security vulnerability in Open For Business Project | The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact. | network | low complexity | apache | 7.5 |
| 2006-12-15 | CVE-2006-6586 | Remote Security vulnerability in Vblog A0.1Nonfunc | Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. | network | low complexity | vblog | 7.5 |
| 2006-12-15 | CVE-2006-6583 | Information Disclosure vulnerability in User Manager | ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. | network | low complexity | scriptmate | 7.5 |
| 2006-12-15 | CVE-2006-6581 | Improper Input Validation vulnerability in Vernet Loic PHP Debug 1.1.0 | PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. | network | low complexity | vernet-loic CWE-20 | 7.5 |
| 2006-12-15 | CVE-2006-6578 | Unspecified vulnerability in Microsoft Internet Information Services 5.1 | Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions. | network | low complexity | microsoft | 7.5 |