Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-09-08 CVE-2006-4630 Remote File Include vulnerability in MySpeach JScript.PHP
PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.
network | low complexity | sky-gunning | 7.5

2006-09-08 CVE-2006-4629 Remote File Include vulnerability in C-News Path Parameter
PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
network | low complexity | c-news-fr | 7.5

2006-09-07 CVE-2006-4626 Remote LHA Buffer Overflow vulnerability in Avast! Antivirus Engine
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.
network | low complexity | alwil | 7.5

2006-09-07 CVE-2006-4622 Remote File Include vulnerability in Comscripts Annoncev 1.1
PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
network | low complexity | comscripts | 7.5

2006-09-07 CVE-2006-4621 Remote Security vulnerability in Bare Concept Media Pheap CMS 1.1
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
network | low complexity | bare-concept-media | 7.5

2006-09-07 CVE-2006-4617 File-Upload vulnerability in vtiger CRM
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.
network | low complexity | vtiger | 7.5

2006-09-07 CVE-2006-4612 SQL Injection vulnerability in John Andersson Zixforum 1.12
SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.
network | low complexity | john-andersson | 7.5

2006-09-07 CVE-2006-4611 Buffer Overflow vulnerability in DSocks Name Variable
Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name.
network | low complexity | dsocks | 7.5

2006-09-07 CVE-2006-4607 Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2
admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
network | low complexity | longino | 7.5

2006-09-07 CVE-2006-4606 Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.
network | low complexity | longino | 7.5