Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4867 | 1 Gnuturk | 1 Gnuturk Portal System | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum." | |||||
| CVE-2006-4870 | 1 Aewebworks | 1 Aedating | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php. | |||||
| CVE-2006-3192 | 1 Php Web Scripts | 1 Ad Manager Pro | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. | |||||
| CVE-2006-3184 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2017-10-19 | 4.0 MEDIUM | N/A |
| Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp. | |||||
| CVE-2006-3177 | 1 Bible Portal Project | 1 Bible Portal Project | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter. | |||||
| CVE-2006-3162 | 1 Smartsitecms | 1 Smartsitecms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2006-4897 | 1 Cmtexts | 1 Cmtexts | 2017-10-19 | 5.0 MEDIUM | N/A |
| CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. | |||||
| CVE-2006-4969 | 1 Wahm E-commerce | 1 Pie Cart Pro | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php. | |||||
| CVE-2006-4898 | 1 Guanxicrm | 1 Guanxicrm Business Solution | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. | |||||
| CVE-2006-3580 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2006-4906 | 1 Marc Logemann | 1 More.groupware | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | |||||
| CVE-2006-4912 | 1 Php Docwriter | 1 Php Docwriter | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | |||||
| CVE-2006-4913 | 1 Alstrasoft | 1 E-friends | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. | |||||
| CVE-2006-4916 | 1 Asp Indir | 1 Tekman Portal | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | |||||
| CVE-2006-4630 | 1 Sky Gunning | 1 Myspeach | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter. | |||||
| CVE-2006-4963 | 1 Exponent | 1 Exponent Cms | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files. | |||||
| CVE-2006-4629 | 1 C-news.fr | 1 C-news | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-4918 | 1 Simple Discussion Board | 1 Simple Discussion Board | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. | |||||
| CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2017-10-19 | 2.6 LOW | N/A |
| Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | |||||
| CVE-2006-4920 | 1 Siteatschool | 1 Siteatschool | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | |||||
| CVE-2006-4922 | 1 Siteatschool | 1 Siteatschool | 2017-10-19 | 5.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions. | |||||
| CVE-2006-4945 | 1 Cardway | 1 Digitalwebshop | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php. | |||||
| CVE-2006-4946 | 1 Cmsdevelopment | 1 Business Card Web Builder | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-4957 | 1 The Myreview System | 1 Myreview | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php. | |||||
| CVE-2006-4960 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query. | |||||
| CVE-2006-4961 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. | |||||
| CVE-2006-4962 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file. | |||||
| CVE-2006-4974 | 1 Ipswitch | 1 Ws Ftp Server | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | |||||
| CVE-2006-3028 | 1 Minerva | 1 Minerva | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-3027 | 1 Enthrallweb | 1 Ephotos | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp. | |||||
| CVE-2006-4993 | 1 Voice Of Web | 1 Allmyguests | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone). | |||||
| CVE-2006-2998 | 1 Free Qboard | 1 Free Qboard | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter. | |||||
| CVE-2006-2996 | 1 Lovecompass | 1 Aepartner | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter. | |||||
| CVE-2006-2995 | 1 Webprojectdb | 1 Webprojectdb | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php. | |||||
| CVE-2006-5020 | 1 Solidstate | 1 Solidstate | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php. | |||||
| CVE-2006-5023 | 1 Aspindir | 1 Xweblog | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | |||||
| CVE-2006-2982 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php. | |||||
| CVE-2006-5030 | 1 Exv2 | 1 Content Management System | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2006-5032 | 1 Phpartenaire | 1 Phpartenaire | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter. | |||||
| CVE-2006-2962 | 1 Oxfam Australia | 1 Emergencies Personnel Information System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. | |||||
| CVE-2006-5053 | 1 Web-news | 1 Web-news | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter. | |||||
| CVE-2006-5054 | 1 Iyzi Forum | 1 Iyzi Forum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter. | |||||
| CVE-2006-5061 | 1 Advanced-clan-script | 1 Advanced-clan-script | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Script (AVCX) 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | |||||
| CVE-2006-5062 | 1 Pblang | 1 Pblang | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter. | |||||
| CVE-2006-2929 | 1 Openemr | 1 Openemr | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter. | |||||
| CVE-2006-5065 | 1 Zoomstats | 1 Zoomstats | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter. | |||||
| CVE-2006-5068 | 1 Brudaswen | 1 Brudanews | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter. | |||||
| CVE-2006-5070 | 1 Facestones | 1 Facestones | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsinit][objpath] parameter. | |||||
| CVE-2006-5102 | 1 Baumedia | 1 Newswriter | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter. | |||||
| CVE-2006-2888 | 1 Wikiwig | 1 Wikiwig | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | |||||