Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4321 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4372 | 1 Constructor Component | 1 Constructor Component | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | |||||
| CVE-2006-4276 | 1 Tutti Nova | 1 Tutti Nova | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php. | |||||
| CVE-2006-4278 | 1 Sportsphool | 1 Sportsphool | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | |||||
| CVE-2006-4367 | 1 All Topics | 1 All Topics Hack | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2006-4287 | 2 Nes Game, Nes System | 2 Nes Game, Nes System | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | |||||
| CVE-2006-4329 | 1 Shadows Rising Rpg | 1 Shadows Rising Rpg | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | |||||
| CVE-2006-4291 | 1 Phlymail | 1 Phlymail Lite | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. | |||||
| CVE-2006-5426 | 1 Local Calendar System | 1 Local Calendar System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter. | |||||
| CVE-2006-4365 | 1 Vistabb | 1 Vistabb | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php. | |||||
| CVE-2006-4296 | 1 Mambo | 1 Bigape-backup Component | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4354 | 1 Phome Empire | 1 Phome Empire Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. | |||||
| CVE-2006-2151 | 1 Phpbb Group | 1 Phpbb Toplist | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | |||||
| CVE-2006-4669 | 1 Somery | 1 Somery | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter. | |||||
| CVE-2006-4676 | 1 Tibco | 1 Rendezvous | 2017-10-19 | 1.2 LOW | N/A |
| TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. | |||||
| CVE-2006-4681 | 1 Ibm | 1 Director | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. | |||||
| CVE-2006-3478 | 1 Myphp Cms | 1 Myphp Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter. | |||||
| CVE-2006-4719 | 1 Myabracadaweb | 1 Myabracadaweb | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php. | |||||
| CVE-2006-3422 | 1 Wonderedit | 1 Wonderedit Pro Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns. | |||||
| CVE-2006-4714 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter. | |||||
| CVE-2006-4715 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4716 | 1 Fire Soft Board | 1 Fire Soft Board | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | |||||
| CVE-2006-3400 | 2 Id Software, Raven Software | 2 Quake 3 Engine, Soldier Of Fortune 2 | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | |||||
| CVE-2006-4723 | 1 Raidenhttpd | 1 Raidenhttpd | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. | |||||
| CVE-2006-3520 | 1 Sabdrimer Cms | 1 Sabdrimer Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter. | |||||
| CVE-2006-3394 | 1 Bxcp | 1 Bxcp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action. | |||||
| CVE-2006-3387 | 1 Fusionphp | 1 Fusion News | 2017-10-19 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file. | |||||
| CVE-2006-4750 | 1 Openi-cms Group | 1 Openi-cms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter. | |||||
| CVE-2006-3375 | 1 Randshop | 1 Randshop | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter. | |||||
| CVE-2006-3347 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3341 | 1 Myads | 1 Myads | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2006-4769 | 1 Gtasoft | 1 P4cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. | |||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | |||||
| CVE-2006-4779 | 1 Phpbb Group | 1 Vitrax Premodded Phpbb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-3309 | 1 Internet Scout Project | 1 Scout Portal Toolkit | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2006-4782 | 1 Webspell | 1 Webspell | 2017-10-19 | 5.4 MEDIUM | N/A |
| src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | |||||
| CVE-2003-1314 | 1 Eternalmart | 1 Eternalmart Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter. | |||||
| CVE-2005-0530 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 2.1 LOW | N/A |
| Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument. | |||||
| CVE-2005-0619 | 1 Bfriendly.com | 1 Einstein | 2017-10-19 | 2.1 LOW | N/A |
| Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. | |||||
| CVE-2004-2262 | 1 E107 | 1 E107 | 2017-10-19 | 5.0 MEDIUM | N/A |
| ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | |||||
| CVE-2001-0328 | 2017-10-19 | 5.0 MEDIUM | N/A | ||
| TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. | |||||
| CVE-2001-0380 | 1 Crosscom Olicom | 1 Xlt-f | 2017-10-19 | 6.4 MEDIUM | N/A |
| Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. | |||||
| CVE-2000-1134 | 7 Caldera, Conectiva, Hp and 4 more | 9 Openlinux, Openlinux Edesktop, Openlinux Eserver and 6 more | 2017-10-19 | 7.2 HIGH | N/A |
| Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | |||||
| CVE-2000-1126 | 1 Hp | 1 Hp-ux | 2017-10-19 | 10.0 HIGH | N/A |
| Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service. | |||||
| CVE-2006-6644 | 1 Mxbb | 1 Mxbb Meeting | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-5429 | 1 Barry Nauta | 1 Brim | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/. | |||||
| CVE-2006-5432 | 1 Marc Giombetti | 1 Phppowercards | 2017-10-19 | 2.6 LOW | N/A |
| Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file. | |||||
| CVE-2006-5433 | 1 Timm Maass | 1 Alice Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter. | |||||
| CVE-2006-5434 | 1 P-news | 1 P-news | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter. | |||||
| CVE-2006-5547 | 1 Otscms | 1 Otscms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][includes] parameter. | |||||