Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5525 | 1 Phpnuke | 1 Php-nuke | 2017-10-19 | 5.1 MEDIUM | N/A |
| Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. | |||||
| CVE-2006-5526 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b) index.php, (c) list.php, (d) login.php, (e) playlist.php, (f) song.php, (g) gen_m3u.php, (h) view_artist.php, (i) view_song.php, (j) flash/set_na.php, (k) flash/initialise.php, (l) flash/get_song.php, (m) includes/common.php, (n) admin/nav.php, (o) admin/main.php, (p) admin/list_artists.php, (q) admin/index.php, (r) admin/genres.php, (s) admin/edit_artist.php, (t) admin/edit_album.php, (u) admin/config.php, and (v) admin/admin_status.php in player/, different vectors than CVE-2006-3045. NOTE: CVE analysis as of 20061026 indicates that files in the admin/ and flash/ directories define foing_root_path before use. | |||||
| CVE-2006-5531 | 1 Ascended Development | 1 Ascended Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter. | |||||
| CVE-2006-5539 | 1 Ueberproject Management System | 1 Ueberproject Management System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter. | |||||
| CVE-2006-6847 | 1 Realnetworks | 1 Realplayer | 2017-10-19 | 5.0 MEDIUM | N/A |
| An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. | |||||
| CVE-2006-6848 | 1 Aspticker | 1 Aspticker | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | |||||
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | |||||
| CVE-2006-5546 | 1 Otscms | 1 Otscms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][classes] parameter. | |||||
| CVE-2006-5547 | 1 Otscms | 1 Otscms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][includes] parameter. | |||||
| CVE-2006-5548 | 1 Otscms | 1 Otscms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter. | |||||
| CVE-2006-5551 | 1 Qksoft | 1 Qk Smtp | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command. | |||||
| CVE-2006-5552 | 1 Revilloc Solutions | 1 Revilloc Mailserver | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a long argument to the (1) MAIL FROM or (2) RCPT TO command. | |||||
| CVE-2006-5554 | 1 Blackdot | 1 Imageview | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php. | |||||
| CVE-2006-5555 | 1 Epnadmin | 1 Epnadmin | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter. | |||||
| CVE-2006-5556 | 1 Hp | 1 Hp-ux | 2017-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable. | |||||
| CVE-2006-5557 | 1 Hp | 1 Hp-ux | 2017-10-19 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. | |||||
| CVE-2006-5558 | 1 Hp | 1 Hp-ux | 2017-10-19 | 10.0 HIGH | N/A |
| Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. | |||||
| CVE-2006-5561 | 1 Discuz | 1 Discuz Gbk | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. | |||||
| CVE-2006-5562 | 1 Open Source Technology Group | 1 Sourceforge | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter. | |||||
| CVE-2006-5587 | 1 Mdweb | 1 Mdweb | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php. | |||||
| CVE-2006-5588 | 1 Cms Faethon | 1 Cms Faethon | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185. | |||||
| CVE-2006-5596 | 1 Aep Networks | 1 Smartgate Ssl Server | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. | |||||
| CVE-2006-5597 | 1 Minihttp | 1 Web Forum File Sharing Sever Powerpack | 2017-10-19 | 7.5 HIGH | N/A |
| join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters. | |||||
| CVE-2006-5613 | 1 Mp3 Streaming Downsampler | 1 Mp3 Streaming Downsampler | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter | |||||
| CVE-2006-5614 | 1 Microsoft | 2 Windows Nt Helper Components, Windows Xp | 2017-10-19 | 2.6 LOW | N/A |
| Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. | |||||
| CVE-2006-5618 | 1 Netref | 1 Netref | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter. | |||||
| CVE-2006-5621 | 1 Ask Rave | 1 Ask Rave | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter. | |||||
| CVE-2006-5622 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||
| CVE-2006-5623 | 1 Ee Tool | 1 Ee Tool | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | |||||
| CVE-2006-5625 | 1 Nx | 1 N X Wcms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter. | |||||
| CVE-2006-5634 | 1 Phpprofiles | 1 Phpprofiles | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. | |||||
| CVE-2006-5637 | 1 Faq Administrator | 1 Faq Administrator | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. | |||||
| CVE-2006-5638 | 1 Phpmyring | 1 Phpmyring | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. | |||||
| CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-5641 | 1 Techno Dreams | 1 Announcement Script | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-5665 | 1 Spider Friendly | 1 Spider Friendly | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5666 | 1 Asmir Alic | 1 E Annu | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5669 | 1 Gepi | 1 Gepi | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | |||||
| CVE-2006-5670 | 1 Free Php Scripts | 1 Free Image Hosting | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | |||||
| CVE-2006-5672 | 1 Mysource Cms | 1 Mysource Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | |||||
| CVE-2006-5673 | 1 Minibb | 1 Minibb | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | |||||
| CVE-2006-5676 | 1 Uni-vert | 1 Phpleague | 2017-10-19 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter. | |||||
| CVE-2006-5714 | 1 Efs Software | 1 Efs Web Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream. | |||||
| CVE-2006-5715 | 1 Efs Software | 1 Easy Address Book | 2017-10-19 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. | |||||
| CVE-2006-5725 | 1 Aep Networks | 1 Smartgate Ssl Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories. | |||||
| CVE-2006-5728 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-10-19 | 4.0 MEDIUM | N/A |
| XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags. | |||||
| CVE-2006-5730 | 1 Modxcms | 1 Modxcms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. | |||||
| CVE-2006-5731 | 1 Lithium Cms | 1 Lithium Cms | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php. | |||||
| CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie. | |||||
| CVE-2006-5733 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||