Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-31 | CVE-2006-4481 | Input Validation vulnerability in PHP The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. | 7.2 |
| 2006-08-31 | CVE-2006-4478 | SQL Injection vulnerability in Visualshapers Ezcontents 2.0.3 SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. | 7.5 |
| 2006-08-31 | CVE-2006-4477 | Remote File Include vulnerability in Visualshapers Ezcontents 2.0.3 Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php. | 7.5 |
| 2006-08-31 | CVE-2006-3125 | Remote Code Execution vulnerability in GTetrinet Index Out of Bounds Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index. | 7.5 |
| 2006-08-31 | CVE-2006-4476 | Code Injection vulnerability in Joomla 1.0.9 Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | 7.5 |
| 2006-08-31 | CVE-2006-4475 | Permissions, Privileges, and Access Controls vulnerability in Joomla 1.0.9 Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | 7.5 |
| 2006-08-31 | CVE-2006-4472 | Unspecified vulnerability in Joomla Joomla! Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | 7.5 |
| 2006-08-31 | CVE-2006-4470 | Unspecified vulnerability in Joomla Joomla! Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. | 7.5 |
| 2006-08-31 | CVE-2006-4469 | Unspecified vulnerability in Joomla Joomla! Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | 7.5 |
| 2006-08-31 | CVE-2006-4467 | Directory Traversal vulnerability in Simple Machines Forum Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. | 7.5 |