Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-05-22 CVE-2006-2523 Remote Security vulnerability in Smartisoft PHPlistpro 2.0
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
network
low complexity
smartisoft
7.5
2006-05-22 CVE-2006-2522 Remote Security vulnerability in Dayfox Blog
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
network
low complexity
dayfox-designs
7.5
2006-05-22 CVE-2006-2521 Code Injection vulnerability in Accomplishtechnology PHPmydirectory
PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
network
low complexity
accomplishtechnology CWE-94
7.5
2006-05-22 CVE-2006-2517 SQL-Injection vulnerability in Myweb Portal Office
SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
network
low complexity
fujitsu
7.5
2006-05-22 CVE-2006-2514 File-Upload vulnerability in Coppermine Photo Gallery
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allow remote attackers to upload arbitrary files via a filename with multiple file extensions.
network
low complexity
coppermine
7.5
2006-05-22 CVE-2006-2513 Authentication Bypass vulnerability in SUN Java System Directory Server 5.2
Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.
network
low complexity
sun
7.5
2006-05-22 CVE-2006-2509 HTML Injection vulnerability in YourFreeWorld Short Url & Url Tracker Script
SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
yourfreeworld
7.5
2006-05-22 CVE-2006-2507 Remote File Include vulnerability in Foing
Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php.
network
low complexity
teake-nutma
7.5
2006-05-22 CVE-2006-2504 SQL Injection vulnerability in AZBoard List.ASP
Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.
network
low complexity
azboard
7.5
2006-05-22 CVE-2006-2503 SQL Injection vulnerability in Deluxebb 1.06
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter.
network
low complexity
deluxebb
7.5