Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-02-28 | CVE-2006-0908 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 Patched 3.2 | PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | 7.5 |
2006-02-28 | CVE-2006-0907 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 | SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. | 7.5 |
2006-02-28 | CVE-2006-0906 | SQL Injection vulnerability in TOP Line D3Jeeb PRO 3 | SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php. | 7.5 |
2006-02-27 | CVE-2006-0901 | Local Denial Of Service vulnerability in Sun Solaris HSFS Filesystem | Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code. | 7.2 |
2006-02-27 | CVE-2006-0900 | Remote NFS RPC Request Denial of Service vulnerability in FreeBSD 6.0 | nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. | 7.8 |
2006-02-27 | CVE-2006-0899 | Remote File Include vulnerability in 4images | Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter. | 7.5 |
2006-02-25 | CVE-2006-0892 | Input Validation vulnerability in Nocc 1.0 | NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities. | 7.5 |
2006-02-25 | CVE-2006-0887 | Code Injection vulnerability in PHPlib Team PHPlib 7.4 | Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. | 7.5 |
2006-02-24 | CVE-2006-0881 | Remote File Include vulnerability in Noah's Classifieds | Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php. | 7.5 |
2006-02-24 | CVE-2006-0879 | SQL Injection vulnerability in Noah's Classifieds Search Page | SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | 7.5 |