Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-11-11 | CVE-2006-5863 | Remote File Include vulnerability in LetterIt Session.PHP PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | 7.5 |
| 2006-11-10 | CVE-2006-5821 | Remote vulnerability in Citrix Metaframe and Metaframe Presentation Server Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. | 7.5 |
| 2006-11-10 | CVE-2006-5850 | Remote Buffer Overflow vulnerability in Essen Essentia web Server 2.15 Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. | 7.5 |
| 2006-11-10 | CVE-2006-5849 | Remote Security vulnerability in Irayoblog 0.2.4Alpha PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter. | 7.5 |
| 2006-11-10 | CVE-2006-5841 | Denial-Of-Service vulnerability in Dodosmail 2.0/2.0.1 Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters. | 7.5 |
| 2006-11-10 | CVE-2006-5839 | Remote Security vulnerability in PHPadventure 1.1Alpha PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter. | 7.5 |
| 2006-11-10 | CVE-2006-5837 | Remote Code Execution vulnerability in Simplechat 1.0.0 Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. | 7.5 |
| 2006-11-10 | CVE-2006-5836 | Local Denial of Service vulnerability in Opendarwin Darwin Kernel 8.8.1 The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. | 7.2 |
| 2006-11-10 | CVE-2006-5833 | Unspecified vulnerability in Greenbeast CMS Greenbeast CMS 1.3 gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file. | 7.5 |
| 2006-11-10 | CVE-2006-5831 | Input Validation vulnerability in AIOCP PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter. | 7.5 |