Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-10-13 CVE-2006-5290 Unspecified vulnerability in Xerox products
The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."
network
low complexity
xerox
7.5
7.5
2006-10-13 CVE-2006-5289 Remote File Include vulnerability in Vtiger CRM 4.2
Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.
network
low complexity
vtiger
7.5
7.5
2006-10-13 CVE-2006-5285 SQL Injection vulnerability in XeoPort
SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter.
network
low complexity
xeoport
7.5
7.5
2006-10-13 CVE-2006-5283 Remote File Include vulnerability in Minichat 6.0
PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter.
network
low complexity
minichat
7.5
7.5
2006-10-13 CVE-2006-5282 Remote File Include vulnerability in SH-News Scriptpath Parameter
Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.
network
low complexity
sh-news
7.5
7.5
2006-10-13 CVE-2006-5281 Remote File Include vulnerability in N@Board Naboard_PNR.PHP
PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter.
network
low complexity
navyism
7.5
7.5
2006-10-12 CVE-2006-5263 Local File Include vulnerability in PhpMyAgenda Language
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
phpmyagenda
7.5
7.5
2006-10-12 CVE-2006-5261 Remote File Include vulnerability in PHPMyNews CFG_INCLUDE_DIR
Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/.
network
low complexity
phpmynews
7.5
7.5
2006-10-12 CVE-2006-5260 Remote Security vulnerability in Compteur 2
PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter.
network
low complexity
compteur
7.5
7.5
2006-10-12 CVE-2006-5259 Remote File Include vulnerability in Compteur 2
PHP remote file inclusion vulnerability in param_editor.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the folder parameter.
network
low complexity
compteur
7.5
7.5