Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-06-07 | CVE-2006-2888 | Remote File Include vulnerability in Wikiwig 4.0/4.1 | network, low complexity, wikiwig, 7.5
PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter.

2006-06-07 | CVE-2006-2887 | SQL Injection vulnerability in Aspburst Mynewsletter 1.1.2 | network, low complexity, aspburst, 7.5
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.

2006-06-07 | CVE-2006-2884 | Input Validation vulnerability in KKE Info Media Kmita FAQ 1.0 | network, low complexity, kke-info-media, 7.5
SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

2006-06-07 | CVE-2006-2879 | SQL Injection vulnerability in Alex NewsEngine Newscomments.PHP | network, low complexity, alex, 7.5
SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

2006-06-07 | CVE-2006-2878 | Remote PHP Script Code Injection vulnerability in DokuWiki | network, low complexity, andreas-gohr, 7.5
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

2006-06-07 | CVE-2006-2877 | Remote File Include vulnerability in Sangwan KIM Bookmark4U 2.0 | network, low complexity, sangwan-kim, 7.5
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php.

2006-06-07 | CVE-2006-2875 | Remote Buffer Overflow vulnerability in Quake 3 Engine CL_ParseDownload | network, low complexity, id-software, 7.5
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.

2006-06-06 | CVE-2006-2872 | Remote File Include vulnerability in Rumble 1.02 | network, low complexity, rumble, 7.5
PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArr[pathtodir] parameter.

2006-06-06 | CVE-2006-2867 | SQL Injection vulnerability in CoolForum Editpost.PHP | network, low complexity, coolforum, 7.5
SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.

2006-06-06 | CVE-2006-2862 | SQL Injection vulnerability in Particle Soft Particle Gallery 1.0.0 | network, low complexity, particle-soft, 7.5
SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter.