Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3266 | 1 Magnet | 1 Bee-hive Lite | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php. | |||||
| CVE-2006-3269 | 1 Thorcms | 1 Thorcms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
| CVE-2006-3294 | 1 Cbsms | 1 Mambo Module | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3300 | 1 Phpmysms | 1 Phpmysms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | |||||
| CVE-2006-3309 | 1 Internet Scout Project | 1 Scout Portal Toolkit | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2006-3340 | 1 Pearlinger | 1 Pearl For Mambo | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php. | |||||
| CVE-2006-3341 | 1 Myads | 1 Myads | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2006-3347 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3375 | 1 Randshop | 1 Randshop | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter. | |||||
| CVE-2006-3387 | 1 Fusionphp | 1 Fusion News | 2017-10-19 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file. | |||||
| CVE-2006-3394 | 1 Bxcp | 1 Bxcp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action. | |||||
| CVE-2006-3400 | 2 Id Software, Raven Software | 2 Quake 3 Engine, Soldier Of Fortune 2 | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | |||||
| CVE-2006-3401 | 1 Id Software | 1 Quake 3 Engine | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. | |||||
| CVE-2006-3422 | 1 Wonderedit | 1 Wonderedit Pro Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns. | |||||
| CVE-2006-3478 | 1 Myphp Cms | 1 Myphp Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter. | |||||
| CVE-2006-3520 | 1 Sabdrimer Cms | 1 Sabdrimer Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter. | |||||
| CVE-2006-3580 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2006-3685 | 1 Czaries Network | 1 Czarnews | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859. | |||||
| CVE-2006-3727 | 1 Eskolar Cms | 1 Eskolar Cms | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php. | |||||
| CVE-2006-3735 | 1 Mail2forum | 1 Mail2forum | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php. | |||||
| CVE-2006-3736 | 1 Mambo | 1 Videodb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3748 | 1 Mamboxchange | 1 Loudmouth | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3749 | 1 Mambo | 1 Sitemap | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3750 | 1 Hashcash | 1 Hashcash | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3751 | 1 Htmlarea3 | 1 Htmlarea3 | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3754 | 1 Flushcms | 1 Flushcms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. | |||||
| CVE-2006-3773 | 1 Mambo | 1 Smf-forum | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3851 | 1 X7 Group | 1 X7 Chat | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter. | |||||
| CVE-2006-3904 | 1 Etomite | 1 Etomite | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-3912 | 1 Rarlab | 1 Winrar | 2017-10-19 | 2.1 LOW | N/A |
| Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. | |||||
| CVE-2006-3917 | 1 R. Corson | 1 Php Forge | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter. | |||||
| CVE-2006-3922 | 1 Portailphp | 1 Portailphp | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2006-3928 | 1 Mikael Software | 1 Wmnews | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath parameter. | |||||
| CVE-2006-3951 | 1 Mam-moodle Alpha Component | 1 Mam-moodle Alpha Component | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3962 | 1 Mambo | 1 Bayesiannaivefilter | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3969 | 1 Joomla | 1 Colophon | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3970 | 1 Joomla | 1 Lmo | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3983 | 1 Ekilat Llc | 1 Php\(reactor\) | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter. | |||||
| CVE-2006-3991 | 1 Voc-project | 1 Voodoo Chat | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter. | |||||
| CVE-2006-3995 | 1 User Home Pages | 1 User Home Pages | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3998 | 1 Wowroster | 1 Wowroster | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. | |||||
| CVE-2006-4004 | 1 Vbportal | 1 Vbportal | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2006-4011 | 1 Kayako | 1 Esupport | 2017-10-19 | 2.6 LOW | N/A |
| PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. | |||||
| CVE-2006-4040 | 1 Mywebland | 1 Myevent | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. | |||||
| CVE-2006-4045 | 1 Torbstoff | 1 Torbstoff News | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2006-4062 | 1 Dmitry Sheiko | 1 Sapid Shop | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter. | |||||
| CVE-2006-4063 | 1 Csaba Godor | 1 Sapid Blog Beta 2 | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php. | |||||
| CVE-2006-4065 | 1 Dmitry Sheiko | 1 Sapid Gallery | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php. | |||||
| CVE-2006-4072 | 1 Club-nuke | 1 Club-nuke | 2017-10-19 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp. | |||||
| CVE-2006-4074 | 1 Joomla | 1 Jd-wiki | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||