Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6028 | 1 Anton Vlasov | 1 Dosepa | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter. | |||||
| CVE-2006-5731 | 1 Lithium Cms | 1 Lithium Cms | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php. | |||||
| CVE-2006-6524 | 1 Ezhrs | 1 Hr Assist | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter. | |||||
| CVE-2006-6711 | 1 Newxooper | 1 Newxooper | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2006-6716 | 1 Eric Guillaume | 1 Upload Download De Fichiers | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter. | |||||
| CVE-2006-6719 | 1 Gnu | 1 Wget | 2017-10-19 | 5.0 MEDIUM | N/A |
| The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | |||||
| CVE-2006-6871 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php. | |||||
| CVE-2006-6722 | 1 Jelle De Vos | 1 Bandwebsite | 2017-10-19 | 7.5 HIGH | N/A |
| Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1. | |||||
| CVE-2006-6724 | 1 Bolintech | 1 Dream Ftp Server | 2017-10-19 | 4.0 MEDIUM | N/A |
| BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command. | |||||
| CVE-2006-6888 | 1 P-news | 1 P-news | 2017-10-19 | 5.0 MEDIUM | N/A |
| P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | |||||
| CVE-2006-6889 | 1 Freestyle | 1 Freestyle Wiki | 2017-10-19 | 7.5 HIGH | N/A |
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. | |||||
| CVE-2006-5676 | 1 Uni-vert | 1 Phpleague | 2017-10-19 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter. | |||||
| CVE-2006-5673 | 1 Minibb | 1 Minibb | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | |||||
| CVE-2006-6890 | 1 Voc-project | 1 Voodoo Chat | 2017-10-19 | 7.5 HIGH | N/A |
| Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat. | |||||
| CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2017-10-19 | 5.0 MEDIUM | N/A |
| Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | |||||
| CVE-2006-6039 | 1 Powie | 1 Php Matchmaker | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter. | |||||
| CVE-2006-5672 | 1 Mysource Cms | 1 Mysource Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | |||||
| CVE-2006-5670 | 1 Free Php Scripts | 1 Free Image Hosting | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | |||||
| CVE-2006-5669 | 1 Gepi | 1 Gepi | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | |||||
| CVE-2006-6757 | 1 Cwm-design | 1 Cwmexplorer | 2017-10-19 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter. | |||||
| CVE-2006-6758 | 1 Http Explorer | 1 Http Explorer Web Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI. | |||||
| CVE-2006-6759 | 1 Realnetworks | 1 Realplayer | 2017-10-19 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments. | |||||
| CVE-2006-6063 | 1 Un4seen | 1 Xmplay | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName. | |||||
| CVE-2006-6775 | 1 Acftp | 1 Acftp | 2017-10-19 | 3.5 LOW | N/A |
| acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command. | |||||
| CVE-2006-5666 | 1 Asmir Alic | 1 E Annu | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6764 | 1 Keep It Simple Guest Book | 1 Keep It Simple Guest Book | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter. | |||||
| CVE-2006-6765 | 1 Pagetool | 1 Pagetool | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter. | |||||
| CVE-2006-5665 | 1 Spider Friendly | 1 Spider Friendly | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-6770 | 1 Jinzora | 1 Jinzora | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. | |||||
| CVE-2006-6771 | 1 Irokez | 1 Irokez Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/. | |||||
| CVE-2006-5641 | 1 Techno Dreams | 1 Announcement Script | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-6774 | 1 Ciberia | 1 Content Federator | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-5638 | 1 Phpmyring | 1 Phpmyring | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. | |||||
| CVE-2006-5637 | 1 Faq Administrator | 1 Faq Administrator | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. | |||||
| CVE-2006-5625 | 1 Nx | 1 N X Wcms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter. | |||||
| CVE-2006-5623 | 1 Ee Tool | 1 Ee Tool | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | |||||
| CVE-2006-5714 | 1 Efs Software | 1 Efs Web Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. | |||||
| CVE-2006-6785 | 1 Open Newsletter | 1 Open Newsletter | 2017-10-19 | 7.5 HIGH | N/A |
| The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability. | |||||
| CVE-2006-6786 | 1 Open Newsletter | 1 Open Newsletter | 2017-10-19 | 6.5 MEDIUM | N/A |
| Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php. | |||||
| CVE-2006-6787 | 1 Mxmania | 1 Newsletter Mx | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-5622 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||
| CVE-2006-5618 | 1 Netref | 1 Netref | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter. | |||||
| CVE-2006-5614 | 1 Microsoft | 2 Windows Nt Helper Components, Windows Xp | 2017-10-19 | 2.6 LOW | N/A |
| Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. | |||||
| CVE-2006-5613 | 1 Mp3 Streaming Downsampler | 1 Mp3 Streaming Downsampler | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter. | |||||
| CVE-2006-6792 | 1 Mxmania | 1 Calendar Mx Basic | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5597 | 1 Minihttp | 1 Web Forum File Sharing Sever Powerpack | 2017-10-19 | 7.5 HIGH | N/A |
| join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters. | |||||
| CVE-2006-5596 | 1 Aep Networks | 1 Smartgate Ssl Server | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. | |||||
| CVE-2006-6795 | 1 Myphpnuke | 1 Myphpnuke My Egallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | |||||
| CVE-2006-6796 | 1 Mtcms | 1 Mtcms | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter. | |||||
