Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5224 | 1 Dimitri Seitz | 1 Security Suite Ip Logger | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5254 | 1 Mamboxchange | 1 Extended Registration | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-5257 | 1 Ciamos | 1 Ciamos Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter. | |||||
| CVE-2006-5259 | 1 Compteur | 1 Compteur | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in param_editor.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the folder parameter. | |||||
| CVE-2006-5263 | 1 Phpmyagenda | 1 Phpmyagenda | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code. | |||||
| CVE-2006-5280 | 1 Cuttlefish Multimedia Ltd. | 1 Leicestershire Communityportals | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter. | |||||
| CVE-2006-5281 | 1 Navyism | 1 N At Board | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter. | |||||
| CVE-2006-5283 | 1 Minichat | 1 Minichat | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter. | |||||
| CVE-2006-5284 | 1 Php News Reader | 1 Php News Reader | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter. | |||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | |||||
| CVE-2006-5296 | 1 Microsoft | 1 Powerpoint | 2017-10-19 | 4.3 MEDIUM | N/A |
| PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous. | |||||
| CVE-2006-5301 | 1 Phpbb | 1 Spamblockermod | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5302 | 1 Redaction System | 1 Redaction System | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/conn.php, or (d) wap/sesscheck.php, or the (2) lang parameter to (e) index.php. | |||||
| CVE-2006-5304 | 1 Inccms Technology | 1 Inccms Core | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2006-5307 | 1 Afgb | 1 Afgb Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the Htmls parameter in (1) add.php, (2) admin.php, (3) look.php, or (4) re.php. | |||||
| CVE-2006-5312 | 1 Phpbb | 1 Ajax Shoutbox | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5383 | 1 Def-blog | 1 Def-blog | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | |||||
| CVE-2006-5384 | 1 Cds Software Consortium | 1 Cds Agenda | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter. | |||||
| CVE-2006-5386 | 1 Nuralstorm | 1 Nuralstorm Webmail | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULT_SKIN parameter. | |||||
| CVE-2006-5388 | 1 Webspell | 1 Webspell | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | |||||
| CVE-2006-5390 | 1 Phpbb | 1 Acp User Registration Module | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5391 | 1 Xfire | 1 Xfire | 2017-10-19 | 5.0 MEDIUM | N/A |
| Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777. | |||||
| CVE-2006-5392 | 1 Opendoc | 1 Fullcore | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts. | |||||
| CVE-2006-5400 | 1 Cyberbrau | 1 Cyberbrau | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in forum/track.php in CyberBrau 0.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-5401 | 1 Aroundme | 1 Aroundme | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter. | |||||
| CVE-2006-5412 | 1 Php Outburst | 1 Easynews | 2017-10-19 | 5.1 MEDIUM | N/A |
| admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter. | |||||
| CVE-2006-5413 | 1 Supermod | 1 Supermod | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php. | |||||
| CVE-2006-5419 | 1 University Of Glasgow | 1 Specimen Image Database | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database (SID), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. | |||||
| CVE-2006-5421 | 1 Wsn Forum | 1 Wsn Forum | 2017-10-19 | 7.5 HIGH | N/A |
| WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability. | |||||
| CVE-2006-5426 | 1 Local Calendar System | 1 Local Calendar System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter. | |||||
| CVE-2006-5427 | 1 Php Amx | 1 Php Amx | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter. | |||||
| CVE-2006-5429 | 1 Barry Nauta | 1 Brim | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/. | |||||
| CVE-2006-5432 | 1 Marc Giombetti | 1 Phppowercards | 2017-10-19 | 2.6 LOW | N/A |
| Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file. | |||||
| CVE-2006-5433 | 1 Timm Maass | 1 Alice Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter. | |||||
| CVE-2006-5434 | 1 P-news | 1 P-news | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter. | |||||
| CVE-2006-5458 | 1 Hinton Design | 1 Phpht Topsites | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter. | |||||
| CVE-2006-5471 | 1 Softerra | 1 Php Developer Library | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters. | |||||
| CVE-2006-5472 | 1 Softerra | 1 Php Developer Library | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php. | |||||
| CVE-2006-5480 | 1 Castor | 1 Php Web Builder | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter. | |||||
| CVE-2006-5494 | 1 Phpnuke | 1 Php-nuke | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795. | |||||
| CVE-2006-5497 | 1 Middlebury College | 1 Segue Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter. | |||||
| CVE-2006-5506 | 1 Wiclear | 1 Wiclear | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/. | |||||
| CVE-2006-5510 | 1 Bluevirus-design | 1 Ph Pexplorer | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code. | |||||
| CVE-2006-5511 | 1 Jaxultrabb | 1 Jaxultrabb | 2017-10-19 | 2.6 LOW | N/A |
| Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter. | |||||
| CVE-2006-5514 | 1 Web Group Communication Center | 1 Web Group Communication Center | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. | |||||
| CVE-2006-5518 | 1 Christopher Fowler | 1 Rssonate | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. | |||||
| CVE-2006-5519 | 1 Mambweather | 1 Mambweather | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-5521 | 1 Net Dns | 1 Net Dns | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. | |||||
| CVE-2006-5522 | 1 Johannes Erdfelt | 1 Kawf | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php. | |||||
| CVE-2006-5523 | 1 Ez-ticket | 1 Ez-ticket | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter. | |||||