Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-09-15 CVE-2006-4824 Remote File Include vulnerability in Quicksilver Forums Activeutil.PHP
PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
network
low complexity
quicksilver-forums
7.5
2006-09-15 CVE-2006-4823 Remote File Include vulnerability in Reamday Enterprises Magic News Pro News_page.PHP
PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.
network
low complexity
reamday-enterprises
7.5
2006-09-14 CVE-2006-4803 Unspecified vulnerability in Netiq Identity Manager 3.0.1
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allow local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."
local
low complexity
netiq
7.2
2006-09-14 CVE-2006-4800 Buffer Overflow vulnerability in FFmpeg Image File
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
network
low complexity
ffmpeg
7.5
2006-09-14 CVE-2006-4437 PHP Code Injection vulnerability in Tagger LE
Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php.
network
low complexity
venture-nine
7.5
2006-09-14 CVE-2006-4799 Unspecified vulnerability in Xine Xine-Lib 1.0.1/1.0.2/1.1.0
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
network
low complexity
xine
7.5
2006-09-14 CVE-2006-4793 SQL Injection vulnerability in Tualblog 1.0
Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter.
network
low complexity
tualblog
7.5
2006-09-14 CVE-2006-4785 SQL Injection vulnerability in Moodle
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
network
low complexity
moodle CWE-89
7.5
2006-09-14 CVE-2006-4781 Remote Denial Of Service vulnerability in Futuresoft Tftp Server Multithreaded 1.1
Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name.
network
low complexity
futuresoft
7.5
2006-09-14 CVE-2006-4780 Remote File Include vulnerability in PhpBB XS Functions.PHP
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
network
low complexity
phpbbxs
7.5