Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-12 | CVE-2006-5257 | Remote File Include vulnerability in Ciamos CMS Config.PHP PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter. | 7.5 |
2006-10-12 | CVE-2006-5256 | Remote File Include vulnerability in Claroline Import.lib.PHP PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. | 7.5 |
2006-10-12 | CVE-2006-5254 | Remote File Include vulnerability in Extended Registration Component mosConfig_absolute_path PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-10-12 | CVE-2006-5253 | Remote Security vulnerability in Dayana Networks PHPonline 2.1 PHP remote file inclusion vulnerability in strload.php in Dayana Networks phpOnline (aka PHP-Online) 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the LangFile parameter. | 7.5 |
2006-10-12 | CVE-2006-5251 | Remote File Include vulnerability in Deep CMS Deep CMS 2.0A PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. | 7.5 |
2006-10-12 | CVE-2006-5249 | Remote File Include vulnerability in Tagit Tagboard 2.1.Bbuild2 PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter. | 7.5 |
2006-10-12 | CVE-2006-5248 | Information Disclosure vulnerability in Eazy Cart Eazy Cart 2.01 Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. | 7.8 |
2006-10-12 | CVE-2006-5245 | Security Bypass vulnerability in Eazy Cart Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/. | 7.5 |
2006-10-12 | CVE-2006-5243 | Remote File Include vulnerability in Easy Doc Doc_Directory Parameter Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts. | 7.5 |
2006-10-12 | CVE-2006-5242 | SQL Injection vulnerability in Etomite 0.6 SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |