Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5525 | 1 Phpnuke | 1 Php-nuke | 2017-10-19 | 5.1 MEDIUM | N/A |
| Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. | |||||
| CVE-2006-5471 | 1 Softerra | 1 Php Developer Library | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters. | |||||
| CVE-2006-5472 | 1 Softerra | 1 Php Developer Library | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php. | |||||
| CVE-2007-0200 | 1 Geoffrey Golliher | 1 Axiom Photo News Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. | |||||
| CVE-2007-0338 | 1 Bolintech | 1 Dreamftp Server | 2017-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | |||||
| CVE-2007-0337 | 1 Kgb | 1 Kgb | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php. | |||||
| CVE-2007-0359 | 1 Uberghey | 1 Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2007-0224 | 1 Virtual Programming | 1 Vp-asp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. | |||||
| CVE-2007-0225 | 1 Virtual Programming | 1 Vp-asp | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-0314 | 1 Article System | 1 Article System | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php. | |||||
| CVE-2007-0233 | 1 Wordpress | 1 Wordpress | 2017-10-19 | 7.5 HIGH | N/A |
| wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. | |||||
| CVE-2006-5930 | 1 Aigaion | 1 Aigaion | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php. | |||||
| CVE-2006-6575 | 1 Brian Drawert | 1 Yaplap | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter. | |||||
| CVE-2006-6812 | 1 Myphpcalendar | 1 Myphpcalendar | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. | |||||
| CVE-2006-6568 | 1 Mxbb | 1 Kb Mods | 2017-10-19 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter. | |||||
| CVE-2006-6586 | 1 Vblog | 1 Vblog | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. | |||||
| CVE-2006-5890 | 1 Superfreaker Studios | 1 Usupport | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5889 | 1 Brewblogger | 1 Brewblogger | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6590 | 1 Php | 1 Ar Memberscript | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. | |||||
| CVE-2006-5880 | 1 Isystems | 1 Munch Pro | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-6567 | 1 Mxbb | 1 Kb Mods | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-6566 | 1 Mxbb | 1 Mxbb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-6560 | 1 Mxbb | 1 Modsdb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-5863 | 1 Otterware | 1 Letterit2 | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2006-5852 | 1 Openbase International Ltd | 1 Openbase | 2017-10-19 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327. | |||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2017-10-19 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | |||||
| CVE-2006-6599 | 1 Torrentflux | 1 Torrentflux | 2017-10-19 | 6.0 MEDIUM | N/A |
| maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | |||||
| CVE-2006-6559 | 1 Lotfian | 1 Request For Travel | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ProductDetails.asp in Lotfian Request For Travel 1.0 allows remote attackers to execute arbitrary SQL commands via the PID parameter. | |||||
| CVE-2006-5849 | 1 Irayoblog | 1 Irayoblog | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter. | |||||
| CVE-2006-6558 | 1 Crob | 1 Crob Ftp Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command. | |||||
| CVE-2006-6604 | 1 Torrentflux | 1 Torrentflux | 2017-10-19 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328. | |||||
| CVE-2006-5839 | 1 Phpadventure | 1 Phpadventure | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter. | |||||
| CVE-2006-5948 | 1 Ringsworld | 1 Phppeanuts | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | |||||
| CVE-2006-5952 | 1 Asp Smiley | 1 Asp Smiley | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field. | |||||
| CVE-2006-6553 | 1 Mxbb | 1 Mxbb Newssuite | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | |||||
| CVE-2006-6612 | 1 Phpmycms | 1 Phpmycms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter. | |||||
| CVE-2006-6613 | 1 Phpalbum.net | 1 Phpalbum | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2006-6552 | 1 Php | 1 Blog Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | |||||
| CVE-2006-6615 | 1 Mxbb | 1 Activity Games Module | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-5837 | 1 Simplechat | 1 Simplechat | 2017-10-19 | 7.5 HIGH | N/A |
| Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. | |||||
| CVE-2006-5834 | 1 Opensolution | 1 Quick.cms.lite | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter. | |||||
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2006-5803 | 1 Mxbb | 1 Mxbb Smartor Album | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-5954 | 1 Netvios | 1 Netvios | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | |||||
| CVE-2006-6624 | 1 Sambar | 1 Sambar Server | 2017-10-19 | 4.0 MEDIUM | N/A |
| The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | |||||
| CVE-2006-5802 | 1 The Web Drivers | 1 Simple Forum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5796 | 1 Soholaunch | 1 Soholaunch Pro Edition | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php. | |||||
| CVE-2006-5787 | 1 Iprimal | 1 Iprimal Forums | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php. | |||||
| CVE-2006-6631 | 1 Ibiblio | 1 Osprey | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||||