Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-11-22 CVE-2006-6049 Remote File Include vulnerability in Shambo2 Component Shambo2.PHP
PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
low complexity
phil-taylor
7.5
2006-11-22 CVE-2006-6041 Code Injection vulnerability in Laurent VAN DEN Reysen Work System E-Commerce
Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions before 3.0.4, allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/.
network
low complexity
laurent-van-den-reysen CWE-94
7.5
2006-11-22 CVE-2006-6039 SQL Injection vulnerability in Powie PHP Matchmaker 4.05
SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.
network
low complexity
powie
7.5
2006-11-22 CVE-2006-6038 SQL Injection vulnerability in Powie Pforum
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
powie CWE-89
7.5
2006-11-22 CVE-2006-6036 SQL-Injection vulnerability in Emreturk Openhuman 0.1
SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
emreturk
7.5
2006-11-21 CVE-2006-6034 SQL-Injection vulnerability in Sitesoutlet E-Commerce Kit-1 Paypaledition
Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp.
network
low complexity
sitesoutlet
7.5
2006-11-21 CVE-2006-6033 Directory Traversal vulnerability in Sphpblog 0.4.8
Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a ..
network
low complexity
sphpblog
7.5
2006-11-21 CVE-2006-6031 SQL-Injection vulnerability in Aspcart
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
network
low complexity
gcis
7.5
2006-11-21 CVE-2006-6030 SQL-Injection vulnerability in Futuretec E-Calendar PRO 3.0
Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp.
network
low complexity
futuretec
7.5
2006-11-21 CVE-2006-6029 SQL Injection vulnerability in Property PRO Property PRO 1.0
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
network
low complexity
property-pro
7.5