Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4011 | 1 Kayako | 1 Esupport | 2017-10-19 | 2.6 LOW | N/A |
| PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. | |||||
| CVE-2006-4040 | 1 Mywebland | 1 Myevent | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. | |||||
| CVE-2006-4045 | 1 Torbstoff | 1 Torbstoff News | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2006-4072 | 1 Club-nuke | 1 Club-nuke | 2017-10-19 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp. | |||||
| CVE-2006-4062 | 1 Dmitry Sheiko | 1 Sapid Shop | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter. | |||||
| CVE-2006-4063 | 1 Csaba Godor | 1 Sapid Blog Beta 2 | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php. | |||||
| CVE-2006-4065 | 1 Dmitry Sheiko | 1 Sapid Gallery | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php. | |||||
| CVE-2006-4113 | 1 Hitweb | 1 Hitweb | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter. | |||||
| CVE-2006-4121 | 1 See-commerce | 1 See-commerce | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-4123 | 1 Boite De News | 1 Boite De News | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. | |||||
| CVE-2006-4124 | 1 Lesstif | 1 Lesstif | 2017-10-19 | 4.6 MEDIUM | N/A |
| The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. | |||||
| CVE-2006-4158 | 1 Spaminator | 1 Spaminator | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-4160 | 1 Mvcnphp | 1 Mvcnphp | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php. | |||||
| CVE-2006-4164 | 1 Phpprintanalyzer | 1 Phpprintanalyzer | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter. | |||||
| CVE-2006-4202 | 1 Spidey Blog | 1 Spidey Blog Script | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2006-4203 | 1 Mamboxchange | 1 Mambo Email Publisher | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4205 | 1 Webdynamite | 1 Projectbutler | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php. | |||||
| CVE-2006-4207 | 1 Bob Jewell | 1 Discloser | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. | |||||
| CVE-2006-4210 | 1 Andreas Kansok | 1 Phpay | 2017-10-19 | 2.6 LOW | N/A |
| nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-4213 | 1 David Kent Norman | 1 Thatware | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-4234 | 1 Dotproject | 1 Dotproject | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | |||||
| CVE-2006-4237 | 1 Invisionix Systems | 1 Invisionix Roaming System Remote | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. | |||||
| CVE-2006-4238 | 1 Wtcom | 1 Web Torrent | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. | |||||
| CVE-2006-4239 | 1 Outreach Project Tool | 1 Opt Max | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter. | |||||
| CVE-2006-4276 | 1 Tutti Nova | 1 Tutti Nova | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php. | |||||
| CVE-2006-4278 | 1 Sportsphool | 1 Sportsphool | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | |||||
| CVE-2006-4287 | 2 Nes Game, Nes System | 2 Nes Game, Nes System | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | |||||
| CVE-2006-4291 | 1 Phlymail | 1 Phlymail Lite | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. | |||||
| CVE-2006-4296 | 1 Mambo | 1 Bigape-backup Component | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4318 | 1 Texas Imperial Software | 1 Wftpd | 2017-10-19 | 6.5 MEDIUM | N/A |
| Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. | |||||
| CVE-2006-4321 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4329 | 1 Shadows Rising Rpg | 1 Shadows Rising Rpg | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | |||||
| CVE-2006-4354 | 1 Phome Empire | 1 Phome Empire Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. | |||||
| CVE-2006-4365 | 1 Vistabb | 1 Vistabb | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php. | |||||
| CVE-2006-4367 | 1 All Topics | 1 All Topics Hack | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2006-4372 | 1 Constructor Component | 1 Constructor Component | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | |||||
| CVE-2006-4418 | 1 Wikepage | 1 Wikepage | 2017-10-19 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file. | |||||
| CVE-2006-4419 | 1 Promanager | 1 Promanager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter. | |||||
| CVE-2006-4420 | 1 Phaos | 1 Phaos | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter. | |||||
| CVE-2006-4424 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. | |||||
| CVE-2006-4427 | 1 Efiction | 1 Efiction | 2017-10-19 | 5.1 MEDIUM | N/A |
| index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". | |||||
| CVE-2006-4452 | 1 Web3king | 1 Web3news | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter. | |||||
| CVE-2006-4455 | 1 Xchat | 1 Xchat | 2017-10-19 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version". | |||||
| CVE-2006-4456 | 1 Phpecard | 1 Phpecard | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2006-4458 | 1 Phpgroupware | 1 Phpgroupware | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter. | |||||
| CVE-2006-4488 | 1 Exbb | 1 Exbb Italia | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter. | |||||
| CVE-2006-4489 | 1 Ultrize | 1 Minibill | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php. | |||||
| CVE-2006-4532 | 1 Bernard Pacques | 1 Yet Another Community System Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter. | |||||
| CVE-2006-4536 | 1 Cms Frogss | 1 Cms Frogss | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. | |||||
| CVE-2006-4594 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681. | |||||