Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-11 | CVE-2006-4083 | Remote Security vulnerability in Myevent 1.2/1.3 PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. | 7.5 |
2006-08-11 | CVE-2006-4082 | Local Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.3.03.053 Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. | 7.2 |
2006-08-11 | CVE-2006-4081 | Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053 preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. | 7.5 |
2006-08-11 | CVE-2006-4078 | Unspecified vulnerability in Deluxebb 1.08 pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter. | 7.5 |
2006-08-11 | CVE-2006-4073 | Remote File Include vulnerability in PHPcc Beta4.2 Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php. | 7.5 |
2006-08-10 | CVE-2006-4064 | SQL Injection vulnerability in Yenerturk Haber Script 1.0/2.0 SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-08-10 | CVE-2006-4063 | Remote Security vulnerability in Csaba Godor Sapid Blog Beta 2 Initial Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php. | 7.5 |
2006-08-10 | CVE-2006-4060 | Remote File Include vulnerability in Web-Scripts Visual Events Calendar 1.1 PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter. | 7.5 |
2006-08-10 | CVE-2006-4059 | Remote File Include vulnerability in Usolved Newsolved Lite 1.9.2 Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php. | 7.5 |
2006-08-10 | CVE-2006-4057 | Remote Buffer Overflow vulnerability in Mitch Murray Eremove 1.4 Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment. | 7.5 |