Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2006-12-14 | CVE-2006-6553 | Remote File Include vulnerability in Mxbb Newssuite 1.03 | PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | network | low complexity | mxbb | 7.5 |
| 2006-12-14 | CVE-2006-6552 | Remote Security vulnerability in PHP Blog CMS 4.1.3 | PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | network | low complexity | php | 7.5 |
| 2006-12-14 | CVE-2006-6551 | Remote Security vulnerability in Tucows Client Code Suite 1.2.1015 | PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter. | network | low complexity | tucows | 7.5 |
| 2006-12-14 | CVE-2006-6546 | Remote File Include vulnerability in Cutenews Aj-Fork Cutenews Aj-Fork Beta | PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter. | network | low complexity | cutenews-aj-fork | 7.5 |
| 2006-12-14 | CVE-2006-6545 | Remote Security vulnerability in PHP Errordocs 1.0.0 | PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | network | low complexity | php | 7.5 |
| 2006-12-14 | CVE-2006-6543 | SQL-Injection vulnerability in Appintellect Spotlight CRM 1.0 | Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. | network | low complexity | appintellect | 7.5 |
| 2006-12-14 | CVE-2006-6542 | SQL-Injection vulnerability in Fantastic News | SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | fantastic-news | 7.5 |
| 2006-12-14 | CVE-2006-6538 | Denial-Of-Service vulnerability in D-Link Dwl-2000Ap+ 2.11 | D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | network | low complexity | d-link | 7.8 |
| 2006-12-14 | CVE-2006-6537 | Security Bypass vulnerability in Websphere Host On-Demand | IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. | network | low complexity | ibm | 7.5 |
| 2006-12-14 | CVE-2006-6533 | Input Validation vulnerability in Oscommerce 3.0A3 | Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. | network | low complexity | oscommerce | 7.5 |