Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-08-31 CVE-2006-4463 SQL Injection vulnerability in Jetstat.Com JS ASP FAQ Manager 1.10
SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field).
network
low complexity
jetstat-com
7.5
2006-08-31 CVE-2006-4462 Authentication Bypass vulnerability in Gonafish.Com LinksCaffe 2.0/3.0
Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.
network
low complexity
gonafish-com
7.5
2006-08-31 CVE-2006-4457 Remote Security vulnerability in phpECard
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
network
low complexity
phpecard
7.5
2006-08-31 CVE-2006-4456 Remote File Include vulnerability in PHPECard Functions.PHP
PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
network
low complexity
phpecard
7.5
2006-08-30 CVE-2006-4452 Remote File Include vulnerability in Web3news PHPSECURITYADMIN_PATH
PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter.
network
low complexity
web3king
7.5
2006-08-30 CVE-2006-4451 Unspecified vulnerability in CJ Design CJ TAG Board 3.0
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.
network
low complexity
cj-design
7.5
2006-08-30 CVE-2006-4447 Local Privilege Escalation vulnerability in Multiple X.Org Products SetUID
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
local
low complexity
x-org
7.2
2006-08-29 CVE-2006-4443 Remote File Include vulnerability in Alstrasoft Video Share Enterprise 4.0
PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.
network
low complexity
alstrasoft
7.5
2006-08-29 CVE-2006-4441 Remote Security vulnerability in Ay System Solutions Cms
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php.
network
low complexity
ay-system-solutions
7.5
2006-08-29 CVE-2006-4440 Remote Security vulnerability in Ay System Solutions Cms
PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter.
network
low complexity
ay-system-solutions
7.5