Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-04-19 CVE-2006-1852 SQL-Injection vulnerability in Article Publisher Pro
SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.
network
low complexity
scriptsfrenzy
7.5
2006-04-19 CVE-2006-1849 Input Validation vulnerability in xFlow
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.
network
low complexity
skymarx-solutions
7.5
2006-04-19 CVE-2006-1847 Input Validation vulnerability in Francisco Burzi PHP-Nuke 7.8
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality.
network
low complexity
francisco-burzi
7.5
2006-04-19 CVE-2006-1839 Unspecified vulnerability in PHP Album PHP Album 0.3.2.3
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
network
low complexity
php-album
7.5
2006-04-19 CVE-2006-1838 SQL Injection and Authentication Bypass vulnerability in Clanscripte.Net Fuju News 1.0
edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie.
network
low complexity
clanscripte-net
7.5
2006-04-19 CVE-2006-1837 SQL Injection and Authentication Bypass vulnerability in Clanscripte.Net Fuju News 1.0
SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
clanscripte-net
7.5
2006-04-19 CVE-2006-1831 Input Validation vulnerability in Coder-World Sysinfo 1.21
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php.
network
low complexity
coder-world
7.5
2006-04-18 CVE-2006-1819 Unspecified vulnerability in PHPwebsite
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log.
network
low complexity
phpwebsite
7.5
2006-04-18 CVE-2006-1807 Input Validation vulnerability in MusicBox
Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action.
network
low complexity
musicbox
7.5
2006-04-18 CVE-2006-1805 SQL Injection vulnerability in Powerscripts Powerclan 1.14
SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter.
network
low complexity
powerscripts
7.5