Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6661 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters. | |||||
| CVE-2006-6846 | 1 Cybercoded | 1 While You Were Out Inout Board | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp. | |||||
| CVE-2006-6632 | 1 Genepi | 1 Genepi | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. | |||||
| CVE-2006-6633 | 1 Yapbb | 1 Yapbb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter. | |||||
| CVE-2006-6635 | 1 Jumbacms | 1 Jumbacms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. | |||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | |||||
| CVE-2004-2513 | 1 Pmail | 1 Pegasus | 2017-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command. | |||||
| CVE-1999-1573 | 1 Hp | 1 Hp-ux | 2017-10-19 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files. | |||||
| CVE-1999-0562 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2017-10-19 | 7.5 HIGH | N/A |
| The registry in Windows NT can be accessed remotely by users who are not administrators. | |||||
| CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2017-10-19 | 2.1 LOW | N/A |
| cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | |||||
| CVE-2002-2217 | 1 Comscripts | 1 Web Server Creator | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php. | |||||
| CVE-2001-0328 | 2017-10-19 | 5.0 MEDIUM | N/A | ||
| TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. | |||||
| CVE-2001-0380 | 1 Crosscom Olicom | 1 Xlt-f | 2017-10-19 | 6.4 MEDIUM | N/A |
| Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. | |||||
| CVE-2000-1134 | 7 Caldera, Conectiva, Hp and 4 more | 9 Openlinux, Openlinux Edesktop, Openlinux Eserver and 6 more | 2017-10-19 | 7.2 HIGH | N/A |
| Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | |||||
| CVE-2000-1126 | 1 Hp | 1 Hp-ux | 2017-10-19 | 10.0 HIGH | N/A |
| Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service. | |||||
| CVE-2003-1314 | 1 Eternalmart | 1 Eternalmart Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter. | |||||
| CVE-2005-0847 | 1 Code Ocean | 1 Ocean Ftp Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. | |||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2017-10-19 | 5.0 MEDIUM | N/A |
| DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
| CVE-2005-2327 | 1 E107 | 1 E107 | 2017-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. | |||||
| CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | |||||
| CVE-2005-0859 | 1 Czaries Network | 1 Czarnews | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14. | |||||
| CVE-2006-1219 | 1 Gallery Project | 1 Gallery | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | |||||
| CVE-2006-0962 | 1 Vubb | 1 Vubb | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie. | |||||
| CVE-2006-1595 | 1 Claroline | 1 Claroline | 2017-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. | |||||
| CVE-2006-1596 | 1 Claroline | 1 Claroline | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. | |||||
| CVE-2006-0099 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. | |||||
| CVE-2006-1001 | 1 Lansuite | 1 Lanparty Intranet System | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2006-1668 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-19 | 9.0 HIGH | N/A |
| newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2006-1667 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php. | |||||
| CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1708 | 1 Clansys | 1 Clansys | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. | |||||
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2017-10-19 | 7.6 HIGH | N/A |
| SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. | |||||
| CVE-2005-4411 | 1 David Harris | 1 Mercury Mail Transport System | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. | |||||
| CVE-2006-3294 | 1 Cbsms | 1 Mambo Module | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-1149 | 1 Owl | 1 Owl Intranet Engine | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use. | |||||
| CVE-2006-1327 | 1 Softbb | 1 Softbb | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter. | |||||
| CVE-2006-1784 | 1 Sphider | 1 Sphider | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | |||||
| CVE-2006-1819 | 1 Phpwebsite | 1 Phpwebsite | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename". | |||||
| CVE-2006-1799 | 1 Adcentrix | 1 Censtore | 2017-10-19 | 7.5 HIGH | N/A |
| censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
| CVE-2006-2149 | 1 Avatic | 1 Aardvark Topsites Php | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | |||||
| CVE-2006-1153 | 1 D2-shoutbox | 1 D2-shoutbox | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB). | |||||
| CVE-2006-0888 | 1 Invision Power Services | 1 Invision Power Board | 2017-10-19 | 2.6 LOW | N/A |
| index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. | |||||
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2017-10-19 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | |||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | |||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2017-10-19 | 5.0 MEDIUM | N/A |
| sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | |||||
| CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-1838 | 1 Clanscripte.net | 1 Fuju News | 2017-10-19 | 7.5 HIGH | N/A |
| edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. | |||||
| CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2005-4218 | 1 Phpwebthings | 1 Phpwebthings | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. | |||||