Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-09-06 | CVE-2006-4591 | Remote File Include vulnerability in Alstrasoft Template Seller 3.25 | 7.5
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AlstraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.
network | low complexity | alstrasoft

2006-09-06 | CVE-2006-4590 | SQL Injection vulnerability in JetStat JS ASP Faq Manager | 7.5
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463.
network | low complexity | jetstat-com

2006-09-06 | CVE-2006-4589 | Remote File Include vulnerability in DynCMS X_Admindir | 7.5
PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter.
network | low complexity | dyncms

2006-09-06 | CVE-2006-4588 | HTML Injection and Access Control Bypass vulnerability in Vtiger CRM 4.2/4.2.4 | 7.5
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
network | low complexity | vtiger

2006-09-06 | CVE-2006-4584 | SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0 | 7.5
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
network | low complexity | tr-forum

2006-09-06 | CVE-2006-4583 | Code Injection vulnerability in Darrens 5-Dollar Script Archive Flashchat | 7.5
Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php.
network | low complexity | darrens-5-dollar-script-archive | CWE-94

2006-09-06 | CVE-2006-4555 | Remote Buffer Overflow vulnerability in Retro64 CR64Loader ActiveX | 7.5
Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control.
network | low complexity | retro64

2006-09-06 | CVE-2006-4551 | Input Validation vulnerability in Chxo Feedsplitter 20060121 | 7.5
Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed.
network | low complexity | chxo

2006-09-06 | CVE-2006-4548 | Remote Security vulnerability in e107 | 7.5
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request.
network | low complexity | e107

2006-09-06 | CVE-2006-4544 | Remote File Include vulnerability in Exbb 1.9.1 | 7.5
Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php, (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php.
network | low complexity | exbb