Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-09-19 CVE-2006-4871 SQL Injection vulnerability in Keyvan1 Eshoppingpro 1.0
SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.
network
low complexity
keyvan1
7.5
2006-09-19 CVE-2006-4337 Remote vulnerability in Gzip 1.3.5
Buffer overflow in the make_table function in the LZH component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
network
low complexity
gzip
7.5
2006-09-19 CVE-2006-4336 Remote vulnerability in Gzip 1.3.5
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
network
low complexity
gzip
7.5
2006-09-19 CVE-2006-4335 Remote vulnerability in Gzip 1.3.5
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
network
low complexity
gzip
7.5
2006-09-19 CVE-2006-4870 Remote File Include vulnerability in Aewebworks Aedating 4.0
Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
network
low complexity
aewebworks
7.5
2006-09-19 CVE-2006-4869 Code Injection vulnerability in Perlunity PHPunity Postcard
PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.
network
low complexity
perlunity CWE-94
7.5
2006-09-19 CVE-2006-4867 SQL Injection vulnerability in GNUTurk T_ID Parameter
SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum".
network
low complexity
gnuturk
7.5
2006-09-19 CVE-2006-4862 SQL Injection vulnerability in EasyPage Default.ASPX
SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page.
network
low complexity
easypagecms
7.5
2006-09-19 CVE-2006-4861 SQL-Injection vulnerability in Mohammed Mehdi Panjwani Complain Center 1
SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.
network
low complexity
mohammed-mehdi-panjwani
7.5
2006-09-19 CVE-2006-4859 Unspecified vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2/1.0.4.2L
Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
network
low complexity
limbo-cms
7.5