Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5514 | 1 Web Group Communication Center | 1 Web Group Communication Center | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. | |||||
| CVE-2006-5526 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b) index.php, (c) list.php, (d) login.php, (e) playlist.php, (f) song.php, (g) gen_m3u.php, (h) view_artist.php, (i) view_song.php, (j) flash/set_na.php, (k) flash/initialise.php, (l) flash/get_song.php, (m) includes/common.php, (n) admin/nav.php, (o) admin/main.php, (p) admin/list_artists.php, (q) admin/index.php, (r) admin/genres.php, (s) admin/edit_artist.php, (t) admin/edit_album.php, (u) admin/config.php, and (v) admin/admin_status.php in player/, different vectors than CVE-2006-3045. NOTE: CVE analysis as of 20061026 indicates that files in the admin/ and flash/ directories define foing_root_path before use. | |||||
| CVE-2006-6115 | 1 Fipsasp | 1 Fipscms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2006-6910 | 1 Fersch | 1 Formbankserver | 2017-10-19 | 7.8 HIGH | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | |||||
| CVE-2006-6911 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2017-10-19 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. | |||||
| CVE-2006-6116 | 1 Fipsasp | 1 Fipsforum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2006-5511 | 1 Jaxultrabb | 1 Jaxultrabb | 2017-10-19 | 2.6 LOW | N/A |
| Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter. | |||||
| CVE-2006-5510 | 1 Bluevirus-design | 1 Ph Pexplorer | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code. | |||||
| CVE-2006-6117 | 1 Fipsasp | 1 Fipsgallery | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter. | |||||
| CVE-2006-6938 | 1 Nitrotech | 1 Nitrotech | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. | |||||
| CVE-2006-6941 | 1 Freewebshop | 1 Freewebshop | 2017-10-19 | 5.0 MEDIUM | N/A |
| index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | |||||
| CVE-2006-6465 | 1 Wikyblog | 1 Wikyblog | 2017-10-19 | 6.5 MEDIUM | N/A |
| ** DISPUTED ** Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctype_alpha before use. | |||||
| CVE-2006-6453 | 1 J-owamp | 1 Web Interface | 2017-10-19 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter. | |||||
| CVE-2006-5548 | 1 Otscms | 1 Otscms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter. | |||||
| CVE-2006-6445 | 1 Envolution | 1 Envolution | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2006-6137 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. | |||||
| CVE-2006-6138 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. | |||||
| CVE-2006-6149 | 1 Jiros | 1 Faq Manager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter. | |||||
| CVE-2006-6150 | 1 Owllib | 1 Owllib | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter. | |||||
| CVE-2006-6160 | 1 Doug Luxem | 1 Liberum Help Desk | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6426 | 1 Thinkedit | 1 Thinkedit | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter. | |||||
| CVE-2006-6390 | 1 Open Solution | 1 Quick.cart | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts. | |||||
| CVE-2006-5497 | 1 Middlebury College | 1 Segue Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter. | |||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2006-6380 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2006-6191 | 1 8pixel.net | 1 Simple Blog | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6193 | 1 Basicforum | 1 Basicforum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6202 | 1 Nukeai | 1 Nukeai | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter. | |||||
| CVE-2006-6203 | 1 Krishan | 1 Flyspray | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2006-6213 | 1 Pegames | 1 Pegames | 2017-10-19 | 7.5 HIGH | N/A |
| index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value. | |||||
| CVE-2006-6368 | 1 Awrate | 1 Awrate | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php. | |||||
| CVE-2006-5546 | 1 Otscms | 1 Otscms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][classes] parameter. | |||||
| CVE-2006-6214 | 1 Wallpaper | 1 Wallpaper Complete Website | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter. | |||||
| CVE-2006-6216 | 1 Nivisec | 1 Hacks List | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter. | |||||
| CVE-2006-6360 | 1 Sergey Korostel | 1 Php Upload Center | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter. | |||||
| CVE-2006-7156 | 1 Minibb | 1 Keyword Replacer | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | |||||
| CVE-2006-6220 | 1 Recipes Complete Website | 1 Recipes Complete Website | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php. | |||||
| CVE-2006-6225 | 1 Geeklog | 1 Geeklog | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory. | |||||
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2017-10-19 | 5.0 MEDIUM | N/A |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | |||||
| CVE-2006-7172 | 1 Php-stats | 1 Php-stats | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | |||||
| CVE-2006-7173 | 1 Php-stats | 1 Php-stats | 2017-10-19 | 10.0 HIGH | N/A |
| Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | |||||
| CVE-2006-6250 | 1 Songbird | 1 Songbird Media Player | 2017-10-19 | 7.8 HIGH | N/A |
| Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked. | |||||
| CVE-2006-6251 | 1 Vuplayer | 1 Vuplayer | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack. | |||||
| CVE-2006-6255 | 1 Nukeai | 1 Nukeai | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request. | |||||
| CVE-2006-6261 | 2 Microsoft, Quinnware | 7 Windows 2000, Windows 95, Windows 98 and 4 more | 2017-10-19 | 9.3 HIGH | N/A |
| Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. | |||||
| CVE-2006-6376 | 1 Onedotoh | 1 Simple File Manager | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code. | |||||
| CVE-2006-6330 | 1 Torrentflux | 1 Torrentflux | 2017-10-19 | 6.0 MEDIUM | N/A |
| index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter. | |||||
| CVE-2006-6329 | 1 Torrentflux | 1 Torrentflux | 2017-10-19 | 4.9 MEDIUM | N/A |
| index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. | |||||
| CVE-2006-6328 | 1 Torrentflux | 1 Torrentflux | 2017-10-19 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. | |||||
| CVE-2006-6285 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2017-10-19 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. NOTE: CVE and other third parties dispute this vulnerability because $externalConfig is defined before use. | |||||
