Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3053 | 1 Phorum | 1 Phorum | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor. | |||||
| CVE-2006-3102 | 1 Bitweaver | 1 Bitweaver | 2018-10-18 | 5.1 MEDIUM | N/A |
| Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory. | |||||
| CVE-2006-3033 | 1 Myscrapbook | 1 Myscrapbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input box in singlepage.php when submitting scrapbook pages. | |||||
| CVE-2006-3013 | 1 Eschew.net | 1 Phpbannerexchange | 2018-10-18 | 5.1 MEDIUM | N/A |
| Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange. | |||||
| CVE-2006-3054 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php. | |||||
| CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. | |||||
| CVE-2006-3097 | 1 Hp | 1 Hp-ux | 2018-10-18 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-3092 | 1 Phpmyfactures | 1 Phpmyfactures | 2018-10-18 | 7.5 HIGH | N/A |
| PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-2986 | 1 Baby Katie Media | 2 Very Simple Car Lister, Very Simple Realty Lister | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php. | |||||
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. | |||||
| CVE-2006-2984 | 1 Integramod | 1 Integramod | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. | |||||
| CVE-2006-2997 | 1 Zms Publishing | 1 Zms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field. | |||||
| CVE-2006-3091 | 1 Phpmyfactures | 1 Phpmyfactures | 2018-10-18 | 5.0 MEDIUM | N/A |
| PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php. | |||||
| CVE-2006-2979 | 1 Viart | 1 Shop | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. | |||||
| CVE-2006-2978 | 1 Mafia Moblog | 1 Mafia Moblog | 2018-10-18 | 5.0 MEDIUM | N/A |
| Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the installation path in an error message via a direct request to (1) big.php and (2) upgrade.php. | |||||
| CVE-2006-3034 | 1 Myscrapbook | 1 Myscrapbook | 2018-10-18 | 5.0 MEDIUM | N/A |
| MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message. | |||||
| CVE-2006-3042 | 1 Ispconfig | 1 Ispconfig | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer." | |||||
| CVE-2006-3090 | 1 Phpmyfactures | 1 Phpmyfactures | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.php; (9) id_taux parameter in (f) /tva/index.php; (10) ref_produit, and (11) id_stock parameter in (g) /stocks/index.php; (12) id_pays parameter in (h) /pays/index.php; and (13) id_cat parameter in (i) /produits/index.php. | |||||
| CVE-2006-3041 | 1 Codewalkers | 1 Ltwcalendar | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement. | |||||
| CVE-2006-3036 | 1 Andy Mack | 1 35mmslidegallery | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php. | |||||
| CVE-2006-3040 | 1 Amr Talkbox | 1 Amr Talkbox | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement. | |||||
| CVE-2006-2972 | 1 Arantius | 1 Vice Stats | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-3039 | 1 Cescripts | 1 Realty Home Rent | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed." | |||||
| CVE-2006-3055 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php. | |||||
| CVE-2006-3038 | 1 Cescripts | 1 Realty Room Rent | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed." | |||||
| CVE-2006-3056 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter. | |||||
| CVE-2006-2971 | 1 Overkill | 1 Overkill | 2018-10-18 | 5.0 MEDIUM | N/A |
| Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function. | |||||
| CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | |||||
| CVE-2006-3060 | 1 Webexceluk | 1 P.a.i.d | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page. | |||||
| CVE-2006-2970 | 1 L0j1k | 1 Tinymuw | 2018-10-18 | 5.0 MEDIUM | N/A |
| videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message. | |||||
| CVE-2006-3075 | 1 Picturedis | 2 Picturedis Photoalbum, Picturedis Professional | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php. | |||||
| CVE-2006-3089 | 1 Phpmyfactures | 1 Phpmyfactures | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php; (2) msg parameter in (b) /remises/ajouter_remise.php, (c) /tva/ajouter_tva.php, (d) /stocks/ajouter.php, (e) /pays/ajouter_pays.php, (f) /produits/ajouter_cat.php, (g) /produits/ajouter_produit.php and (h) /produits/modifier_cat.php; (3) tire parameter in /remises/ajouter_remise.php; (4) quantite, (5) taux and (6) date parameter in /stocks/ajouter.php; and (7) pays and (8) prefixe parameter in /pays/ajouter_pays.php. | |||||
| CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." | |||||
| CVE-2006-3080 | 1 Axent | 1 Axentforum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. | |||||
| CVE-2006-3078 | 1 Apboard | 1 Apboard | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php. | |||||
| CVE-2006-3076 | 1 Phpbluedragon | 1 Phpbluedragon Cms | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | |||||
| CVE-2006-3071 | 1 Anton Belev | 1 Mp3 Search Archive | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter. | |||||
| CVE-2006-2969 | 1 L0j1k | 1 Tinymuw | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations. | |||||
| CVE-2006-3070 | 1 Zeroboard | 1 Zeroboard | 2018-10-18 | 5.0 MEDIUM | N/A |
| write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php. | |||||
| CVE-2006-3085 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 7.8 HIGH | N/A |
| xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length. | |||||
| CVE-2006-3050 | 1 Six Offene Systeme Gmbh | 1 Sixcms | 2018-10-18 | 2.6 LOW | N/A |
| Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter. | |||||
| CVE-2006-2967 | 1 Syworks | 1 Safenet | 2018-10-18 | 2.1 LOW | N/A |
| Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file. | |||||
| CVE-2006-3062 | 1 Myphp Guestbook | 1 Myphp Guestbook | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-3065 | 1 Blursoft | 1 Blur6ex | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different. | |||||
| CVE-2006-3066 | 1 Ibm | 1 Db2 Universal Database | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. | |||||
| CVE-2006-2952 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php. | |||||
| CVE-2006-2963 | 1 It-direkt | 1 Cabacos Web Cms | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter. | |||||
| CVE-2006-2964 | 1 Xtreme Scripts | 1 Download Manager | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. | |||||
| CVE-2006-2949 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. | |||||
| CVE-2006-2959 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. | |||||