Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-03 | CVE-2006-1596 | Unspecified vulnerability in Claroline PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. | 7.5 |
2006-04-03 | CVE-2006-1594 | Information Disclosure vulnerability in Claroline Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. | 7.5 |
2006-04-03 | CVE-2006-1592 | Remote vulnerability in ZDaemon Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument. | 7.5 |
2006-04-02 | CVE-2006-1586 | SQL Injection vulnerability in ISP Site Man Admin_Login.ASP SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter. | 7.5 |
2006-04-02 | CVE-2006-1579 | SQL Injection vulnerability in DbbS Topics.PHP SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter. | 7.5 |
2006-04-02 | CVE-2006-1576 | Input Validation vulnerability in Vscripts.Pl Qlnews 1.2 Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php. | 7.5 |
2006-04-01 | CVE-2006-1573 | Remote File Include vulnerability in Mediaslash.Com Mediaslash Gallery 0 PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable). | 7.5 |
2006-03-31 | CVE-2006-1563 | Remote Security vulnerability in Vscripts Vbook 2.0 Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts. | 7.6 |
2006-03-31 | CVE-2006-1560 | SQL Injection vulnerability in Skintech PHPnewsmanager 1.48 Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. | 7.5 |
2006-03-31 | CVE-2006-1559 | SQL-Injection vulnerability in PHP Script Index SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |