Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-08-14 CVE-2006-4123 Remote File Include vulnerability in Boite de News Boite de News 4.0.1
PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter.
network
low complexity
boite-de-news
7.5
2006-08-14 CVE-2006-4122 Unspecified vulnerability in Simple One-File Guestbook Simple One-File Guestbook
Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.
network
low complexity
simple-one-file-guestbook
7.5
2006-08-14 CVE-2006-4114 SQL Injection vulnerability in PHPMyRing IDSITE
SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter.
network
low complexity
phpmyring
7.5
2006-08-14 CVE-2006-4112 Denial of Service vulnerability in Ruby on Rails Routing
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
network
low complexity
rubyonrails
7.5
2006-08-14 CVE-2006-4111 Code Injection vulnerability in Rubyonrails Rails and Ruby on Rails
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
network
low complexity
rubyonrails CWE-94
7.5
2006-08-14 CVE-2006-4108 Input Validation vulnerability in Drupal Bibliography
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
drupal
7.5
2006-08-14 CVE-2006-4107 SQL Injection vulnerability in Drupal Job Search 4.6Rev1.3.2
SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.
network
low complexity
drupal
7.5
2006-08-14 CVE-2006-4103 Remote File Include vulnerability in phNNTP File_newsportal
PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
network
low complexity
jason-alexander
7.5
2006-08-14 CVE-2006-4102 Unspecified vulnerability in Falko Timme and Till Brehm Sqlitewebadmin
PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.
network
low complexity
falko-timme-and-till-brehm
7.5
2006-08-11 CVE-2006-4085 Remote Security vulnerability in The Search Engine Project
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055.
network
low complexity
olaf-noehring
7.5