Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-11-28 CVE-2006-6154 Remote File Include vulnerability in HIOX Star Rating System Addcode.PHP
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
network | low complexity | hscripts | 7.5

2006-11-28 CVE-2006-6151 Remote File Include vulnerability in Messagerie Locale Messagerie Locale 1.0
PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
network | low complexity | messagerie-locale | 7.5

2006-11-28 CVE-2006-6150 Remote File Include vulnerability in Owllib 1.0
PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter.
network | low complexity | owllib | 7.5

2006-11-28 CVE-2006-6149 SQL Injection vulnerability in Jiros FAQ Manager 1.0
SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter.
network | low complexity | jiros | 7.5

2006-11-28 CVE-2006-6147 Input Validation vulnerability in Jiros Links Manager 1.0
Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.
network | low complexity | jiros | 7.5

2006-11-28 CVE-2006-6140 Remote Security vulnerability in Sisfo Kampus Sisfo Kampus 2006
PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php.
network | low complexity | sisfo-kampus | 7.5

2006-11-28 CVE-2006-6137 Remote File Include vulnerability in Sisfo Kampus Sisfo Kampus 0.8
Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php.
network | low complexity | sisfo-kampus | 7.5

2006-11-28 CVE-2006-6134 Buffer Errors vulnerability in Microsoft Windows Media Player 10.00.00.4036
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
network | low complexity | microsoft | CWE-119 | 7.5

2006-11-28 CVE-2006-6133 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
network | high complexity | businessobjects, microsoft | CWE-119 | 7.6

2006-11-27 CVE-2006-5750 Directory Traversal vulnerability in JBoss Java Class DeploymentFileRepository
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
network | low complexity | jboss | 7.5