Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-06 | CVE-2006-1636 | Code Injection vulnerability in Vwar Virtual WAR PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. | 7.5 |
| 2006-04-05 | CVE-2006-1624 | Denial-Of-Service vulnerability in Linux Kernel 2.6.20.1 The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses. | 7.8 |
| 2006-04-05 | CVE-2006-1618 | Remote Format String vulnerability in Doomsday 1.8.6 Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | 7.5 |
| 2006-04-05 | CVE-2006-1616 | SQL-Injection vulnerability in Advanced Poll Advanced Poll 2.0.2 Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | 7.5 |
| 2006-04-04 | CVE-2006-1607 | Unspecified vulnerability in Exponent CMS Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors. | 7.5 |
| 2006-04-04 | CVE-2006-1605 | Unspecified vulnerability in Exponent CMS Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | 7.5 |
| 2006-04-04 | CVE-2006-1602 | Remote File Include vulnerability in PHPnuke-Clan 3.0.1 PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. | 7.5 |
| 2006-04-03 | CVE-2006-1600 | SQL-Injection vulnerability in PHPwebgallery 1.4.1 SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
| 2006-04-03 | CVE-2006-1599 | Remote Shell Code Execution vulnerability in V-Creator.Com V-Creator 1.3Pre2 Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions. | 7.5 |
| 2006-04-03 | CVE-2006-1598 | Unspecified vulnerability in AN An-Httpd AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension. | 7.8 |