Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-27 | CVE-2006-5038 | Unspecified vulnerability in Fiwin Ss28S Wifi Voip SIP Skype Phone 20070201 The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. | 7.5 |
| 2006-09-27 | CVE-2006-5032 | Remote File Include vulnerability in PHPartenaire 1.0 PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter. | 7.5 |
| 2006-09-27 | CVE-2006-5030 | SQL Injection vulnerability in ExV2 SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | 7.5 |
| 2006-09-27 | CVE-2006-5029 | SQL-Injection vulnerability in Burning Board SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. | 7.5 |
| 2006-09-27 | CVE-2006-5023 | SQL Injection vulnerability in XWeblog Kategori.ASP SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | 7.5 |
| 2006-09-27 | CVE-2006-5022 | Remote File Include vulnerability in Pnews Systems Pnews 1.1.0 PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter. | 7.5 |
| 2006-09-27 | CVE-2006-5021 | Remote File Include vulnerability in Redblog 0.5 Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. | 7.5 |
| 2006-09-27 | CVE-2006-5020 | Remote File Include vulnerability in SolidState Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php. | 7.5 |
| 2006-09-27 | CVE-2006-5017 | Input Validation vulnerability in E-Vision CMS 1.0 SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter. | 7.5 |
| 2006-09-27 | CVE-2006-5015 | Directory Traversal vulnerability in Kietu 3.2 PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. | 7.5 |