Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-09-21 | CVE-2006-4920 | Input Validation vulnerability in Site@School | Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | 7.5 |
2006-09-21 | CVE-2006-4918 | Remote File Include vulnerability in Simple Discussion Board Simple Discussion Board 0.1.0 | Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. | 7.5 |
2006-09-21 | CVE-2006-4916 | SQL Injection vulnerability in ASP Indir Tekman Portal 1.0 | SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | 7.5 |
2006-09-21 | CVE-2006-4913 | Local File Include vulnerability in Alstrasoft E-Friends 4.85 | Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. | 7.5 |
2006-09-21 | CVE-2006-4912 | Remote File Include vulnerability in PHP DocWriter | PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | 7.5 |
2006-09-21 | CVE-2006-4911 | Unspecified vulnerability in Cisco IPS Sensor Software | Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | 7.5 |
2006-09-21 | CVE-2006-4906 | SQL Injection vulnerability in Marc Logemann More.Groupware 0.74 | SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | 7.5 |
2006-09-21 | CVE-2006-4905 | Remote Security vulnerability in Artmedic Webdesign Artmedic Links 5.0 | PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function. | 7.5 |
2006-09-21 | CVE-2006-4904 | Unspecified vulnerability in Qualiteam X-Cart | Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. | 7.5 |
2006-09-19 | CVE-2006-4898 | Remote File Include vulnerability in Guanxicrm Business Solution 0.9.1 | PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. | 7.5 |