Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-05 | CVE-2006-5145 | Input Validation vulnerability in Olate Olatedownload 3.4.0 Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php. | 7.5 |
| 2006-10-03 | CVE-2006-5141 | Remote File Include vulnerability in Geotarget Script.PHP PHP remote file inclusion vulnerability in script.php in Kevin A. | 7.5 |
| 2006-10-03 | CVE-2006-5140 | SQL Injection vulnerability in Lappy512 PHP Krazy Image Host Script 0.7A SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-10-03 | CVE-2006-5136 | Input Validation vulnerability in Ubbcentral Ubb.Threads 6.5.1.1 Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter. | 7.5 |
| 2006-10-03 | CVE-2006-5135 | Remote File Include vulnerability in A-Blog 2 Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092. | 7.5 |
| 2006-10-03 | CVE-2006-5133 | Remote Security vulnerability in Steve Poulsen Guildftpd 0.999.13 Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | 7.5 |
| 2006-10-03 | CVE-2006-5132 | Remote Security vulnerability in phpMyAgenda Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. | 7.5 |
| 2006-10-03 | CVE-2006-5131 | Remote Security vulnerability in Salims Softhouse JAF CMS 4.0 module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php. | 7.5 |
| 2006-10-03 | CVE-2006-5128 | Input Validation vulnerability in ConPresso CMS SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter. | 7.5 |
| 2006-10-03 | CVE-2006-5126 | Remote File Include vulnerability in Powerportal 1.3A PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter. | 7.5 |