Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-23 | CVE-2006-3190 | SQL-Injection vulnerability in Hotplug CMS Hotplug CMS 1.0 SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | 7.5 |
| 2006-06-23 | CVE-2006-3188 | SQL-Injection vulnerability in Sharky E-Shop Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. | 7.5 |
| 2006-06-23 | CVE-2006-3185 | Remote File Include vulnerability in CMS Faethon CMS Faethon 1.3.2 PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter. | 7.5 |
| 2006-06-23 | CVE-2006-3182 | Directory Traversal vulnerability in Mobescripts Mobile Space Community 2.0 Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2006-06-23 | CVE-2006-3181 | SQL Injection vulnerability in Mobescripts Mobile Space Community 2.0 SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter. | 7.5 |
| 2006-06-23 | CVE-2006-3177 | Remote File Include vulnerability in Bible Portal Rtf_parser.PHP PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter. | 7.5 |
| 2006-06-23 | CVE-2006-3176 | SQL Injection vulnerability in Xaran CMS 2.0 SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-06-23 | CVE-2006-3175 | Code Injection vulnerability in Mcguestbook 1.3 Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. | 7.5 |
| 2006-06-23 | CVE-2006-3173 | Remote File Include vulnerability in Content*Builder 0.7.5 Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php. | 7.5 |
| 2006-06-23 | CVE-2006-3172 | Code Injection vulnerability in Content*Builder 0.7.5 Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] parameter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php. | 7.5 |