Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-26 | CVE-2006-5521 | Remote File Include vulnerability in Net_DNS RR.PHP<br>PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. | 7.5 |
2006-10-26 | CVE-2006-5520 | Remote File Include vulnerability in Deltascripts PHP Classifieds 7.1<br>PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter. | 7.5 |
2006-10-26 | CVE-2006-5518 | Remote File Include vulnerability in RSSonate<br>Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. | 7.5 |
2006-10-26 | CVE-2006-5517 | Code Injection vulnerability in Rhode Island Secretary of State Open Meetings Filing System<br>Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php. | 7.5 |
2006-10-26 | CVE-2006-5514 | SQL Injection vulnerability in Web Group Communication Center Quiz.PHP<br>SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. | 7.5 |
2006-10-26 | CVE-2006-5513 | SQL Injection vulnerability in GeoNetwork Opensource Login<br>SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. | 7.5 |
2006-10-25 | CVE-2006-5382 | Information Disclosure vulnerability in 3Com Superstack 3 Switch 4400 Firmware5.11/Firmware6.00<br>3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. | 7.5 |
2006-10-25 | CVE-2006-5509 | Unspecified vulnerability in Woltlab Burning Book 1.1.2<br>Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. | 7.5 |
2006-10-25 | CVE-2006-5508 | SQL-Injection vulnerability in Woltlab Burning Book 1.1.2<br>Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. | 7.5 |
2006-10-25 | CVE-2006-5507 | Code Injection vulnerability in DER Dirigent DER Dirigent 1.0.3<br>Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/. | 7.5 |