Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-08-21 | CVE-2006-4238 | SQL Injection vulnerability in WTCom Web Torrent | SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. | 7.5 |
2006-08-21 | CVE-2006-4237 | Remote Pageheaderdefault.Inc.PHP Remote File Include vulnerability in Invisionix Roaming System | PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. | 7.5 |
2006-08-21 | CVE-2006-4236 | Remote File Include vulnerability in Powergap | Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO. | 7.5 |
2006-08-21 | CVE-2006-4235 | Buffer Overflow vulnerability in Sony SonicStage Mastering Studio | Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | 7.5 |
2006-08-21 | CVE-2006-0948 | Local Privilege Escalation vulnerability in AOL 9.04184.2340 | AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | 7.2 |
2006-08-18 | CVE-2006-4234 | Remote File Include vulnerability in DotProject Query.Class.PHP | PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | 7.5 |
2006-08-18 | CVE-2006-4230 | Remote File Include vulnerability in Lizge web Portal 0.20 | Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters. | 7.5 |
2006-08-18 | CVE-2006-4229 | Remote Security vulnerability in Moslistmessenger Component | PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-18 | CVE-2006-4219 | Unspecified vulnerability in Microsoft IE 6.0 | The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. | 7.5 |
2006-08-17 | CVE-2006-4218 | File Include vulnerability in Zen Cart | Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter. | 7.5 |