Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-07 | CVE-2006-4605 | Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2. PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. (network; low complexity; longino) | 7.5 |
| 2006-09-07 | CVE-2006-4604 | Remote File Include vulnerability in Lanifex 2.2. PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter. (network; low complexity; lanifex) | 7.5 |
| 2006-09-07 | CVE-2006-4603 | Authentication Bypass vulnerability in NCH Software Swift Sound web Dictate 1.02. NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password. (network; low complexity; nch-software) | 7.5 |
| 2006-09-07 | CVE-2006-4602 | Remote Command Execution vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4. Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. (network; low complexity; tiki) | 7.5 |
| 2006-09-07 | CVE-2006-4601 | SQL Injection vulnerability in Annuaire 1Two 2.2. SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. (network; low complexity; annuaire) | 7.5 |
| 2006-09-07 | CVE-2006-4599 | SQL Injection vulnerability in Autentificator 2.01. SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter. (network; low complexity; autentificator) | 7.5 |
| 2006-09-07 | CVE-2006-4598 | SQL Injection vulnerability in Sslinks 1.22. Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action. (network; low complexity; sslinks) | 7.5 |
| 2006-09-07 | CVE-2006-4597 | SQL-Injection vulnerability in ICBlogger. SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter. (network; low complexity; icblogger) | 7.5 |
| 2006-09-06 | CVE-2006-4594 | Remote File Include vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.20. Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. (network; low complexity; bugada-andrea) | 7.5 |
| 2006-09-06 | CVE-2006-4592 | SQL Injection vulnerability in 8Pixel.net SimpleBlog ID Parameter. Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism. (network; low complexity; 8pixel-net) | 7.5 |