Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-13 | CVE-2006-2982 | Remote File Include vulnerability in Enterprise Payroll Systems AbsolutePath Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php. | 7.5 |
| 2006-06-13 | CVE-2006-2908 | Remote PHP Script Code Injection vulnerability in Mybulletinboard 1.1.2 The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. | 7.5 |
| 2006-06-12 | CVE-2006-2981 | SQL-Injection vulnerability in Vice Stats SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. | 7.5 |
| 2006-06-12 | CVE-2006-2977 | SQL Injection vulnerability in Mafia Moblog Mafia Moblog SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter. | 7.5 |
| 2006-06-12 | CVE-2006-2976 | Remote Security vulnerability in Coppermine Photo Gallery Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. | 7.5 |
| 2006-06-12 | CVE-2006-2973 | SQL Injection vulnerability in PHP Lite Calendar Express 2.2 Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. | 7.5 |
| 2006-06-12 | CVE-2006-2972 | SQL Injection vulnerability in Vice Stats VS_Resource.PHP SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
| 2006-06-12 | CVE-2006-2964 | File Include vulnerability in Xtreme Scripts Download Manager 1.0 Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. | 7.5 |
| 2006-06-12 | CVE-2006-2962 | Remote File Include vulnerability in Empris PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. | 7.5 |
| 2006-06-12 | CVE-2006-2961 | Commands Remote Buffer Overflow vulnerability in ACLogic CesarFTP Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. | 7.5 |