Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-07-13 CVE-2006-3559 Input Validation vulnerability in Arif Supriyanto Auracms 1.62
Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.
network
low complexity
arif-supriyanto
7.5
2006-07-13 CVE-2006-3554 Directory Traversal vulnerability in Mkportal 1.0.1Final
Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.
network
low complexity
mkportal
7.5
2006-07-12 CVE-2006-3537 Remote File Include vulnerability in Randshop 0.9.3
PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375.
network
low complexity
randshop
7.5
2006-07-12 CVE-2006-3536 Remote PHP Script Code Injection vulnerability in EJ3 Topo 2.2/2.2.178
Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script.
network
low complexity
ej3
7.5
2006-07-12 CVE-2006-3534 Directory Traversal vulnerability in Shoutcast Server
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6, which filters directory traversal sequences before decoding, allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
network
low complexity
nullsoft
7.8
2006-07-12 CVE-2006-3531 Input Validation vulnerability in Pivot
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.
network
low complexity
pivot
7.5
2006-07-12 CVE-2006-3525 SQL-Injection vulnerability in PHPcredo Phcdownload 1.0.0Final
SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
phpcredo
7.5
2006-07-12 CVE-2006-3524 Remote Buffer-Overflow vulnerability in SIPfoundry SIPXtapi CSeq Processing
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
network
low complexity
sipfoundry
7.5
2006-07-12 CVE-2006-3520 Remote File Include vulnerability in Sabdrimer CMS Advanced1.PHP
PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter.
network
low complexity
sabdrimer-cms
7.5
2006-07-11 CVE-2006-3518 SQL Injection vulnerability in Webvizyon.Net Webvizyon Portal 2006
SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
webvizyon-net
7.5