Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-17 | CVE-2006-4217 | Remote Security vulnerability in Webinsta Cms PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. | 7.5 |
2006-08-17 | CVE-2006-4214 | SQL Injection vulnerability in ZEN Cart ZEN Cart Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | 7.5 |
2006-08-17 | CVE-2006-4213 | Unspecified vulnerability in David Kent Norman Thatware PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 7.5 |
2006-08-17 | CVE-2006-4212 | Multiple vulnerability in B0Zz and Chris Vincent OWL Intranet Engine 0.90 SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-08-17 | CVE-2006-4207 | Remote File Include vulnerability in Discloser Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. | 7.5 |
2006-08-17 | CVE-2006-4205 | Remote File Include vulnerability in Webdynamite Projectbutler 0.8.4 Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php. | 7.5 |
2006-08-17 | CVE-2006-4204 | Code Injection vulnerability in PHProjekt Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php. | 7.5 |
2006-08-17 | CVE-2006-4203 | Remote File Include vulnerability in Mambo Email Publisher Help.MMP.PHP PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-17 | CVE-2006-4202 | SQL Injection vulnerability in Spidey Blog Script PID Parameter SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
2006-08-17 | CVE-2006-4201 | Remote Arbitrary Command Execution vulnerability in HP Openview Storage Data Protector 5.1/5.5 Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation. | 7.5 |