Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1481 | 1 Php Ticket | 1 Php Ticket | 2017-10-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter. | |||||
| CVE-2006-0852 | 1 Devscripts | 1 Admbook | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. | |||||
| CVE-2006-0851 | 1 Ilch.de | 1 Ilchclan | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost. | |||||
| CVE-2006-1917 | 1 Blackorpheus | 1 Clanmemberskript | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter. | |||||
| CVE-2006-1919 | 1 Thomas Voecking | 1 Internet Photoshow | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-1921 | 1 Php Net Tools | 1 Php Net Tools | 2017-10-19 | 6.4 MEDIUM | N/A |
| nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. | |||||
| CVE-2006-0821 | 1 Bxcp | 1 Bxcp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-1480 | 1 Duda | 1 Webalbum | 2017-10-19 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. | |||||
| CVE-2006-1954 | 1 Nfec.de | 1 Rechnungszentrale | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field. | |||||
| CVE-2006-1955 | 1 Nfec.de | 1 Rechnungszentrale | 2017-10-19 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | |||||
| CVE-2006-1243 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. | |||||
| CVE-2006-2008 | 1 Built2go | 1 Movie Review | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter. | |||||
| CVE-2005-0619 | 1 Bfriendly.com | 1 Einstein | 2017-10-19 | 2.1 LOW | N/A |
| Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. | |||||
| CVE-2005-0530 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 2.1 LOW | N/A |
| Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument. | |||||
| CVE-2004-2262 | 1 E107 | 1 E107 | 2017-10-19 | 5.0 MEDIUM | N/A |
| ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | |||||
| CVE-2006-5427 | 1 Php Amx | 1 Php Amx | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter. | |||||
| CVE-2006-2137 | 1 Openphpnuke | 1 Openphpnuke | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-2151 | 1 Phpbb Group | 1 Phpbb Toplist | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | |||||
| CVE-2006-2152 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | |||||
| CVE-2006-2226 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command. | |||||
| CVE-2006-2242 | 1 Acftp | 1 Acftp | 2017-10-19 | 5.0 MEDIUM | N/A |
| acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command. | |||||
| CVE-2006-2253 | 1 Otterware | 1 Statit | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter. | |||||
| CVE-2006-2256 | 1 Eqdkp | 1 Eqdkp | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter. | |||||
| CVE-2006-2261 | 1 Acal | 1 Acal | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-2263 | 1 Virtual Programming | 1 Vp-asp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-2361 | 2 Mxbb, Php Arena | 2 Mxbb Portal, Pafiledb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-2392 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | |||||
| CVE-2006-2424 | 1 Ezusermanager | 1 Ezusermanager | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php. | |||||
| CVE-2006-2483 | 1 Lighthouse Development | 1 Squirrelcart | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter. | |||||
| CVE-2006-2494 | 1 Lacaveprods | 1 Intellitamper | 2017-10-19 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file. | |||||
| CVE-2006-2523 | 1 Smartisoft | 1 Phplistpro | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie. | |||||
| CVE-2006-2557 | 1 Florian Amrhein | 1 Newsportal | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | |||||
| CVE-2006-2568 | 1 Ubbcentral | 1 Ubb.threads | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. | |||||
| CVE-2006-2569 | 2 4r Linklist, Woltlab | 2 4r Linklist, Burning Board | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2006-2570 | 1 Calogic | 1 Calogic Calendars | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue. | |||||
| CVE-2006-2576 | 1 Docebo | 1 Docebo | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. NOTE: this issue might be resultant from a global overwrite vulnerability. | |||||
| CVE-2006-2665 | 1 V-webmail | 1 V-webmail | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | |||||
| CVE-2006-2666 | 1 V-webmail | 1 V-webmail | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | |||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | |||||
| CVE-2006-2683 | 1 Open-medium | 1 Open-medium Cms | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter. | |||||
| CVE-2006-2726 | 1 Fastpublish | 1 Fastpublish Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php. | |||||
| CVE-2006-2730 | 1 Hot Open Tickets | 1 Hot Open Tickets | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. | |||||
| CVE-2006-4102 | 1 Falko Timme And Till Brehm | 1 Sqlitewebadmin | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter. | |||||
| CVE-2006-2768 | 1 Ipw Systems | 1 Metajour | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php. | |||||
| CVE-2006-2797 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php. | |||||
| CVE-2006-2798 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php. | |||||
| CVE-2006-2818 | 1 Cameron Mckay | 1 Informium | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter. | |||||
| CVE-2006-2819 | 1 Barnraiser | 1 Igloo | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter. | |||||
| CVE-2006-2834 | 1 Gnopaste | 1 Gnopaste | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-2841 | 1 Associated | 1 Associated Cms | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php. | |||||