Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-03 | CVE-2006-5669 | Remote File Include vulnerability in Gepi 1.4.0 PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | 7.5 |
2006-11-03 | CVE-2006-5668 | Information Disclosure vulnerability in Ampache Guest Account Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access. | 7.5 |
2006-11-03 | CVE-2006-5667 | Remote Security vulnerability in P-Book Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php. | 7.5 |
2006-11-03 | CVE-2006-5666 | SQL Injection vulnerability in Asmir Alic E Annu 1.0 SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. | 7.5 |
2006-11-03 | CVE-2006-5665 | Remote File Include vulnerability in PHPBB Spider Friendly Module PHPBB_ROOT_PATH Parameter PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-11-03 | CVE-2006-5662 | SQL Injection vulnerability in Evandor Easy Notesmanager 0.0.1 SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page." | 7.5 |
2006-11-03 | CVE-2006-5660 | Authentication Bypass vulnerability in Cisco Security Agent Management Center 5.1 Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server. | 7.5 |
2006-11-03 | CVE-2006-5658 | Multiple vulnerability in Studio Achtundachtzig Bloomooweb Activex Control 1.0.9 BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method. | 7.6 |
2006-11-03 | CVE-2006-5655 | SQL Injection vulnerability in Opendocman 1.2P3 SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-11-01 | CVE-2006-4517 | Resource Management Errors vulnerability in Novell Imanager Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference. | 7.8 |