Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-10 | CVE-2006-4056 | SQL Injection vulnerability in The Address Book Login Page Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | 7.5 |
2006-08-10 | CVE-2006-4055 | Remote File Include vulnerability in TSEP Colorswitch.PHP Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. | 7.5 |
2006-08-10 | CVE-2006-4054 | Remote Security vulnerability in Ehmig ME Download System 1.3 Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. | 7.5 |
2006-08-10 | CVE-2006-4052 | Remote Security vulnerability in [Extra BID] Php Simple Shop Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php. | 7.5 |
2006-08-10 | CVE-2006-4051 | Remote File Include vulnerability in PHP Live Helper Global.PHP PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter. | 7.5 |
2006-08-10 | CVE-2006-4050 | Remote File Include vulnerability in PHPAutoMembersArea Auto_Check_Renewals.PHP PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. | 7.5 |
2006-08-09 | CVE-2006-4048 | Unspecified vulnerability in Netious CMS Netious CMS 0.4 Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. | 7.5 |
2006-08-09 | CVE-2006-4047 | SQL Injection vulnerability in Netious CMS Username Parameter SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-08-09 | CVE-2006-4046 | Buffer Overflow vulnerability in Open Cubic Player Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function. | 7.5 |
2006-08-09 | CVE-2006-4045 | Remote File Include vulnerability in Torbstoff News 4 PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | 7.5 |