Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-10 | CVE-2006-5193 | Remote File Include vulnerability in RETIRED: WikyBlog PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter. | 7.5 |
2006-10-10 | CVE-2006-5192 | Remote File Include vulnerability in PHPGreetz Footer.PHP PHP remote file inclusion vulnerability in includes/footer.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPGREETZ_INCLUDE_DIR parameter. | 7.5 |
2006-10-10 | CVE-2006-5189 | Remote File Include vulnerability in Klinza Professional CMS Show_Hlp.PHP PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter. | 7.5 |
2006-10-10 | CVE-2006-5187 | Remote File Include vulnerability in Bulletin Board ACE Bulletin Board ACE 3.4 PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-10-10 | CVE-2006-5185 | Unspecified vulnerability in Hamweather 3.9.8.3 Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function. | 7.5 |
2006-10-10 | CVE-2006-5183 | Remote Security vulnerability in Dayfox Designs Dayfox Blog 2.0 Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit. | 7.5 |
2006-10-10 | CVE-2006-5182 | Remote File Include vulnerability in Travelsized CMS Frontpage.PHP PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | 7.5 |
2006-10-10 | CVE-2006-5181 | Unspecified vulnerability in Joshua Muheim PHPmywebmin 1.0 Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the target parameter in (1) change_preferences2.php, (2) create_file.php, (3) upload_local.php, and (4) upload_multi.php, different vectors than CVE-2006-5124. | 7.5 |
2006-10-10 | CVE-2006-5180 | Remote Security vulnerability in Newswriter 1.40/1.41 PHP remote file inclusion vulnerability in include/main.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter, a different vector than CVE-2006-5102. | 7.5 |
2006-10-10 | CVE-2006-5175 | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech Terastation Hd-Htgl Firmware 2.05Beta1 Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. | 7.6 |