Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5588 | 1 Cms Faethon | 1 Cms Faethon | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185. | |||||
| CVE-2006-6801 | 1 Sh-news | 1 Sh-news | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter. | |||||
| CVE-2006-6802 | 1 Enthrallweb | 1 Epages | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter. | |||||
| CVE-2006-6803 | 1 Enthrallweb | 1 Ecars | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter. | |||||
| CVE-2006-6804 | 1 Enthrallweb | 1 Dragon Business Directory Pro | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6805 | 1 Enthrallweb | 1 Ejobs | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6806 | 1 Enthrallweb | 1 Emates | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6807 | 1 Softwebs Nepal | 1 Ananda Real Estate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter. | |||||
| CVE-2006-6809 | 1 Vladimir Menshakov | 1 Buratinable Templator | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter. | |||||
| CVE-2006-6813 | 1 Mxmania | 1 Mxmania File Upload Manager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-5587 | 1 Mdweb | 1 Mdweb | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php. | |||||
| CVE-2006-5893 | 1 Iwonder Designs | 1 Storystream | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/. | |||||
| CVE-2006-5715 | 1 Efs Software | 1 Easy Address Book | 2017-10-19 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. | |||||
| CVE-2006-5562 | 1 Open Source Technology Group | 1 Sourceforge | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter. | |||||
| CVE-2006-6820 | 1 Enthrallweb | 1 Ecoupons | 2017-10-19 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2006-6821 | 1 Enthrallweb | 1 Enews | 2017-10-19 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2006-6822 | 1 Enthrallweb | 1 Eclassifieds | 2017-10-19 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2006-6823 | 1 Yrch | 1 Yrch | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-6827 | 1 Macromedia | 1 Flash Player | 2017-10-19 | 5.0 MEDIUM | N/A |
| Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method. | |||||
| CVE-2006-6093 | 1 Picturespro | 1 Picturespro Photo Cart | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters. | |||||
| CVE-2006-6830 | 1 Cafelog | 1 B2 Blog | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. | |||||
| CVE-2006-5561 | 1 Discuz | 1 Discuz Gbk | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. | |||||
| CVE-2006-6831 | 1 Alan Ward | 1 A-faq | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. | |||||
| CVE-2006-5558 | 1 Hp | 1 Hp-ux | 2017-10-19 | 10.0 HIGH | N/A |
| Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. | |||||
| CVE-2006-5557 | 1 Hp | 1 Hp-ux | 2017-10-19 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. | |||||
| CVE-2006-5556 | 1 Hp | 1 Hp-ux | 2017-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable. | |||||
| CVE-2006-6842 | 1 Codemonkeyx | 1 Acronym Mod | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5555 | 1 Epnadmin | 1 Epnadmin | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter. | |||||
| CVE-2006-5554 | 1 Blackdot | 1 Imageview | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php. | |||||
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | |||||
| CVE-2006-5551 | 1 Qksoft | 1 Qk Smtp | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command. | |||||
| CVE-2006-6853 | 1 Mozilla | 1 Durian Web Application Server | 2017-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. | |||||
| CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2017-10-19 | 5.0 MEDIUM | N/A |
| AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6856 | 1 Webtext | 1 Webtext | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | |||||
| CVE-2006-5539 | 1 Ueberproject Management System | 1 Ueberproject Management System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter. | |||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2017-10-19 | 10.0 HIGH | N/A |
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-5531 | 1 Ascended Development | 1 Ascended Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter. | |||||
| CVE-2006-5523 | 1 Ez-ticket | 1 Ez-ticket | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter. | |||||
| CVE-2006-5522 | 1 Johannes Erdfelt | 1 Kawf | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php. | |||||
| CVE-2006-6866 | 1 Stphp | 1 Easynews | 2017-10-19 | 7.8 HIGH | N/A |
| STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. | |||||
| CVE-2006-6867 | 1 Vladimir Meshakov | 1 Bubla | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. | |||||
| CVE-2006-6869 | 1 Maxdev | 1 Mdforum | 2017-10-19 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2006-6872 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2006-6873 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation. | |||||
| CVE-2006-5521 | 1 Net Dns | 1 Net Dns | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. | |||||
| CVE-2006-6877 | 1 Matteo Lucarelli | 1 3editor Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2006-6878 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. | |||||
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2017-10-19 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | |||||
| CVE-2006-5518 | 1 Christopher Fowler | 1 Rssonate | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. | |||||
| CVE-2006-6885 | 1 Macromedia | 1 Shockwave | 2017-10-19 | 4.3 MEDIUM | N/A |
| An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. | |||||
