Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-27 | CVE-2006-6774 | Remote File Include vulnerability in Ciberia Content Federator 1.0 PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. network ciberia | 6.8 |
| 2006-12-27 | CVE-2006-6771 | Remote File Include vulnerability in Irokez CMS 0.7.1 Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/. network irokez | 6.8 |
| 2006-12-27 | CVE-2006-6770 | Remote File Include vulnerability in Jinzora 2.0.1 Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. network jinzora | 6.8 |
| 2006-12-27 | CVE-2006-6769 | Cross-Site Scripting vulnerability in PHP Live PHP Live 2.8.1/3.0 Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php. network php-live | 6.8 |
| 2006-12-27 | CVE-2006-6768 | Cross-Site Scripting vulnerability in The Classified Ad System Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter. network pwp-technologies | 6.8 |
| 2006-12-27 | CVE-2006-6765 | Remote Security vulnerability in Pagetool Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter. network pagetool | 6.8 |
| 2006-12-27 | CVE-2006-6764 | Remote File Include vulnerability in Keep IT Simple Guest Book Keep IT Simple Guest Book 5.0 PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter. network keep-it-simple-guest-book | 6.8 |
| 2006-12-27 | CVE-2006-6762 | Denial of Service vulnerability in Novell Netmail 3.5.2 The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | 4.0 |
| 2006-12-27 | CVE-2006-6761 | Buffer Overflow vulnerability in Novell Netmail 3.5.2 Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. | 6.5 |
| 2006-12-27 | CVE-2006-6759 | Remote Denial of Service vulnerability in Realnetworks Realplayer 10.5 A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments. | 5.0 |