Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6830 | 1 Cafelog | 1 B2 Blog | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. | |||||
| CVE-2006-6831 | 1 Alan Ward | 1 A-faq | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. | |||||
| CVE-2006-6842 | 1 Codemonkeyx | 1 Acronym Mod | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | |||||
| CVE-2006-6853 | 1 Mozilla | 1 Durian Web Application Server | 2017-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. | |||||
| CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2017-10-19 | 5.0 MEDIUM | N/A |
| AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6856 | 1 Webtext | 1 Webtext | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | |||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2017-10-19 | 10.0 HIGH | N/A |
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-6866 | 1 Stphp | 1 Easynews | 2017-10-19 | 7.8 HIGH | N/A |
| STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. | |||||
| CVE-2006-6867 | 1 Vladimir Meshakov | 1 Bubla | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. | |||||
| CVE-2006-6869 | 1 Maxdev | 1 Mdforum | 2017-10-19 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2006-6872 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2006-6873 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation. | |||||
| CVE-2006-6877 | 1 Matteo Lucarelli | 1 3editor Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2006-6878 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. | |||||
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2017-10-19 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | |||||
| CVE-2006-6885 | 1 Macromedia | 1 Shockwave | 2017-10-19 | 4.3 MEDIUM | N/A |
| An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. | |||||
| CVE-2006-6910 | 1 Fersch | 1 Formbankserver | 2017-10-19 | 7.8 HIGH | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | |||||
| CVE-2006-6911 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2017-10-19 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. | |||||
| CVE-2006-6938 | 1 Nitrotech | 1 Nitrotech | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. | |||||
| CVE-2006-6941 | 1 Freewebshop | 1 Freewebshop | 2017-10-19 | 5.0 MEDIUM | N/A |
| index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | |||||
| CVE-2006-7156 | 1 Minibb | 1 Keyword Replacer | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | |||||
| CVE-2006-7172 | 1 Php-stats | 1 Php-stats | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | |||||
| CVE-2006-7173 | 1 Php-stats | 1 Php-stats | 2017-10-19 | 10.0 HIGH | N/A |
| Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | |||||
| CVE-2007-0015 | 1 Apple | 1 Quicktime | 2017-10-19 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | |||||
| CVE-2007-0020 | 1 Panic Transmit | 1 Panic Transmit | 2017-10-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. | |||||
| CVE-2007-0049 | 1 Geckovich | 2 Tasktracker, Tasktracker Pro | 2017-10-19 | 7.5 HIGH | N/A |
| Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | |||||
| CVE-2007-0052 | 1 Vizayn Haber | 1 Vizayn Haber | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0053 | 1 Asp Siteware | 1 Autodealer | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | |||||
| CVE-2007-0055 | 1 Fersch | 1 Formbankserver | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0082 | 1 Imgallery | 1 Imgallery | 2017-10-19 | 6.5 MEDIUM | N/A |
| users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | |||||
| CVE-2007-0091 | 1 Katy Whitton Web Development | 1 Newscmslite | 2017-10-19 | 7.5 HIGH | N/A |
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | |||||
| CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2007-0120 | 1 Acunetix | 1 Web Vulnerability Scanner | 2017-10-19 | 1.9 LOW | N/A |
| Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. | |||||
| CVE-2007-0128 | 1 Digiappz | 1 Digirez | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2007-0129 | 1 Locazo | 1 Locazolist Classifieds | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. | |||||
| CVE-2007-0135 | 1 Aratix | 1 Aratix | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | |||||
| CVE-2007-0144 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. | |||||
| CVE-2007-0170 | 1 Allmyphp | 1 Allmyvisitors | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter. | |||||
| CVE-2007-0171 | 1 Voice Of Web | 1 Allmylinks | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | |||||
| CVE-2007-0172 | 1 Voice Of Web | 1 Allmyguests | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php. | |||||
| CVE-2007-0173 | 1 L2j | 1 Statistik Script | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2007-0200 | 1 Geoffrey Golliher | 1 Axiom Photo News Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. | |||||
| CVE-2007-0224 | 1 Virtual Programming | 1 Vp-asp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. | |||||
| CVE-2007-0225 | 1 Virtual Programming | 1 Vp-asp | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-0233 | 1 Wordpress | 1 Wordpress | 2017-10-19 | 7.5 HIGH | N/A |
| wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. | |||||
| CVE-2007-0261 | 1 Snews | 1 Snews | 2017-10-19 | 10.0 HIGH | N/A |
| snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | |||||
| CVE-2007-0340 | 1 Thwboard | 1 Thwboard | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. | |||||
| CVE-2007-0300 | 1 Tlm Cms | 1 Tlm Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||