Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-31 | CVE-2006-5624 | Remote File Include vulnerability in Mpcs 0.5.0 Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. | 7.5 |
2006-10-31 | CVE-2006-5623 | Remote File Include vulnerability in EE Tool Ip.Inc.PHP PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | 7.5 |
2006-10-31 | CVE-2006-5622 | SQL Injection vulnerability in Coppermine Photo Gallery 1.4.9 SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 |
2006-10-31 | CVE-2006-5621 | Code Injection vulnerability in ASK Rave ASK Rave PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter. | 7.5 |
2006-10-31 | CVE-2006-5620 | Remote File Include vulnerability in Minibill 1.22/1.23 PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489. | 7.5 |
2006-10-31 | CVE-2006-5606 | SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. | 7.5 |
2006-10-31 | CVE-2006-4248 | Unspecified vulnerability in Acme Labs Thttpd 2.25B thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file. | 7.2 |
2006-10-31 | CVE-2006-5617 | Information Disclosure vulnerability in Thepeak File Upload Manager 1.3 Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. | 7.5 |
2006-10-31 | CVE-2006-5615 | Remote File Include vulnerability in Textpattern 1.19 PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter. | 7.5 |
2006-10-31 | CVE-2006-5613 | Remote File Include vulnerability in MP3 Streaming Downsampler MP3 Streaming Downsampler 3.0 PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter | 7.5 |