Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS VECTOR | COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2006-06-06 | CVE-2006-2843 | Remote File Inclusion vulnerability in Redaxo 2.7.4 | PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. | network | low complexity | redaxo | 7.5 |
| 2006-06-06 | CVE-2006-2841 | Remote File Include vulnerability in Associated CMS 1.1.3 | Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php. | network | low complexity | associated | 7.5 |
| 2006-06-06 | CVE-2006-2838 | Denial-Of-Service vulnerability in F-Secure Anti-Virus and Internet Gatekeeper | Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. | network | high complexity | f-secure | 7.6 |
| 2006-06-06 | CVE-2006-2836 | SQL Injection vulnerability in Lore Comment.PHP | SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | network | low complexity | pineapple-technologies | 7.5 |
| 2006-06-06 | CVE-2006-2835 | SQL Injection vulnerability in Arabless Saphplesson 2.0 | SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php. | network | low complexity | arabless | 7.5 |
| 2006-06-06 | CVE-2006-2834 | Remote File Include vulnerability in Gnopaste 0.5.2/0.5.3 | PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | network | low complexity | gnopaste | 7.5 |
| 2006-06-06 | CVE-2006-2831 | Input Validation vulnerability in Drupal | Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | network | low complexity | drupal | 7.5 |
| 2006-06-05 | CVE-2006-2830 | Remote Buffer Overflow vulnerability in Tibco Hawk, Rendezvous and Runtime Agent | Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. | network | low complexity | tibco | 7.5 |
| 2006-06-05 | CVE-2006-2826 | Code Execution vulnerability in PHPLIB | SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie. | network | low complexity | phplib-team | 7.5 |
| 2006-06-05 | CVE-2006-2824 | Remote Security vulnerability in Mailmanager | Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314. | network | low complexity | logicalware | 7.5 |