Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-07 | CVE-2006-2888 | Remote File Include vulnerability in Wikiwig 4.0/4.1 PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | 7.5 |
2006-06-07 | CVE-2006-2887 | SQL Injection vulnerability in Aspburst Mynewsletter 1.1.2 Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp. | 7.5 |
2006-06-07 | CVE-2006-2884 | Input Validation vulnerability in KKE Info Media Kmita FAQ 1.0 SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2006-06-07 | CVE-2006-2879 | SQL Injection vulnerability in Alex NewsEngine Newscomments.PHP SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 7.5 |
2006-06-07 | CVE-2006-2878 | Remote PHP Script Code Injection vulnerability in DokuWiki The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | 7.5 |
2006-06-07 | CVE-2006-2877 | Remote File Include vulnerability in Sangwan KIM Bookmark4U 2.0 PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. | 7.5 |
2006-06-07 | CVE-2006-2875 | Remote Buffer Overflow vulnerability in Quake 3 Engine CL_ParseDownload Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion. | 7.5 |
2006-06-06 | CVE-2006-2872 | Remote File Include vulnerability in Rumble 1.02 PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArr[pathtodir] parameter. | 7.5 |
2006-06-06 | CVE-2006-2867 | SQL Injection vulnerability in CoolForum Editpost.PHP SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. | 7.5 |
2006-06-06 | CVE-2006-2862 | SQL Injection vulnerability in Particle Soft Particle Gallery 1.0.0 SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter. | 7.5 |