Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR / TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2006-08-23 | CVE-2006-4297 | SQL Injection vulnerability in Oscommerce 2.2Ms220060817 | SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. | network | low complexity | oscommerce | 7.5 |
| 2006-08-23 | CVE-2006-4296 | Remote File Include vulnerability in Mambo BigAPE-Backup Component | PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | network | low complexity | mambo | 7.5 |
| 2006-08-23 | CVE-2006-3869 | Buffer Overflow vulnerability in Microsoft IE 6.0 | Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. | network | low complexity | microsoft | 7.5 |
| 2006-08-22 | CVE-2006-4287 | Remote File Include vulnerability in NES Game and NES System | Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | network | low complexity | nes-game nes-system | 7.5 |
| 2006-08-22 | CVE-2006-4285 | Code Injection vulnerability in Fscripts Fantastic News | PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. | network | low complexity | fscripts CWE-94 | 7.5 |
| 2006-08-22 | CVE-2006-4284 | SQL Injection vulnerability in Lblog 1.05 | SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | lblog | 7.5 |
| 2006-08-22 | CVE-2006-4283 | Remote File Include vulnerability in RETIRED: SPAW PHP Editor 1.0.6/1.0.7 | Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. | network | low complexity | solmetra | 7.5 |
| 2006-08-22 | CVE-2006-4282 | Remote File Include vulnerability in MamboWiki Component MamboLogin.PHP | PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | network | low complexity | mamboxchange | 7.5 |
| 2006-08-21 | CVE-2006-4281 | Remote File Include vulnerability in Arthur Konze Webdesign Akocomment 1.1 | PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | arthur-konze-webdesign | 7.5 |
| 2006-08-21 | CVE-2006-4279 | SQL Injection vulnerability in XennoBB Icon_Topic | SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter. | network | low complexity | xennobb | 7.5 |