Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6615 | 1 Mxbb | 1 Activity Games Module | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-6624 | 1 Sambar | 1 Sambar Server | 2017-10-19 | 4.0 MEDIUM | N/A |
| The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | |||||
| CVE-2006-6631 | 1 Ibiblio | 1 Osprey | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||||
| CVE-2006-6632 | 1 Genepi | 1 Genepi | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. | |||||
| CVE-2006-6633 | 1 Yapbb | 1 Yapbb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter. | |||||
| CVE-2006-6635 | 1 Jumbacms | 1 Jumbacms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. | |||||
| CVE-2006-6643 | 1 Fightersoft Multimedia | 1 Star Ftp Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments. | |||||
| CVE-2006-6644 | 1 Mxbb | 1 Mxbb Meeting | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-6645 | 1 Mxbb | 1 Mxbb Web Links | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
| CVE-2006-6650 | 1 Mxbb | 1 Mxbb Charts | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-6661 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters. | |||||
| CVE-2006-6665 | 1 Astonsoft | 1 Deepburner | 2017-10-19 | 6.8 MEDIUM | N/A |
| Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file. | |||||
| CVE-2006-6666 | 1 Verliadmin | 1 Verliadmin | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter. | |||||
| CVE-2006-6673 | 1 Winftp Server | 1 Winftp Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands. | |||||
| CVE-2006-6686 | 1 Textsend | 1 Textsend | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | |||||
| CVE-2006-6691 | 1 Valdersoft | 1 Shopping Cart | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php. | |||||
| CVE-2006-6694 | 1 Scriptsfrenzy.com | 1 E-uploader Pro | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php. | |||||
| CVE-2006-6710 | 1 Matteolucarelli | 1 Pgmreloaded | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php. | |||||
| CVE-2006-6711 | 1 Newxooper | 1 Newxooper | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2006-6716 | 1 Eric Guillaume | 1 Upload Download De Fichiers | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter. | |||||
| CVE-2006-6719 | 1 Gnu | 1 Wget | 2017-10-19 | 5.0 MEDIUM | N/A |
| The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | |||||
| CVE-2006-6720 | 1 Azucar Cms | 1 Azucar Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter. | |||||
| CVE-2006-6722 | 1 Jelle De Vos | 1 Bandwebsite | 2017-10-19 | 7.5 HIGH | N/A |
| Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1. | |||||
| CVE-2006-6723 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2017-10-19 | 7.8 HIGH | N/A |
| The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request. | |||||
| CVE-2006-6724 | 1 Bolintech | 1 Dream Ftp Server | 2017-10-19 | 4.0 MEDIUM | N/A |
| BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command. | |||||
| CVE-2006-6726 | 1 Inertianews | 1 Inertianews | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter. | |||||
| CVE-2006-6732 | 1 Cwm-design | 1 Cwmvote | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter. | |||||
| CVE-2006-6738 | 1 Cwm-design | 1 Cwmcounter | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-6739 | 1 Paristemi | 1 Paristemi | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689. | |||||
| CVE-2006-6740 | 1 Phpprofiles | 1 Phpprofiles | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6757 | 1 Cwm-design | 1 Cwmexplorer | 2017-10-19 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter. | |||||
| CVE-2006-6758 | 1 Http Explorer | 1 Http Explorer Web Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI. | |||||
| CVE-2006-6759 | 1 Realnetworks | 1 Realplayer | 2017-10-19 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments. | |||||
| CVE-2006-6760 | 1 Phpmymanga | 1 Phpmymanga | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter. | |||||
| CVE-2006-6764 | 1 Keep It Simple Guest Book | 1 Keep It Simple Guest Book | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter. | |||||
| CVE-2006-6765 | 1 Pagetool | 1 Pagetool | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter. | |||||
| CVE-2006-6770 | 1 Jinzora | 1 Jinzora | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. | |||||
| CVE-2006-6771 | 1 Irokez | 1 Irokez Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/. | |||||
| CVE-2006-6774 | 1 Ciberia | 1 Content Federator | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6775 | 1 Acftp | 1 Acftp | 2017-10-19 | 3.5 LOW | N/A |
| acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command. | |||||
| CVE-2006-6785 | 1 Open Newsletter | 1 Open Newsletter | 2017-10-19 | 7.5 HIGH | N/A |
| The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability. | |||||
| CVE-2006-6786 | 1 Open Newsletter | 1 Open Newsletter | 2017-10-19 | 6.5 MEDIUM | N/A |
| Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php. | |||||
| CVE-2006-6787 | 1 Mxmania | 1 Newsletter Mx | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6792 | 1 Mxmania | 1 Calendar Mx Basic | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6795 | 1 Myphpnuke | 1 Myphpnuke My Egallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | |||||
| CVE-2006-6796 | 1 Mtcms | 1 Mtcms | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter. | |||||
| CVE-2006-6801 | 1 Sh-news | 1 Sh-news | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter. | |||||
| CVE-2006-6802 | 1 Enthrallweb | 1 Epages | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter. | |||||
| CVE-2006-6803 | 1 Enthrallweb | 1 Ecars | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter. | |||||
| CVE-2006-6804 | 1 Enthrallweb | 1 Dragon Business Directory Pro | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||