Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4592 | 1 8pixel.net | 1 Simple Blog | 2017-10-19 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism. | |||||
| CVE-2006-4602 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-10-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. | |||||
| CVE-2006-4604 | 1 Lanifex | 1 Lanifex | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter. | |||||
| CVE-2006-4629 | 1 C-news.fr | 1 C-news | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-4630 | 1 Sky Gunning | 1 Myspeach | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter. | |||||
| CVE-2006-4636 | 1 Szewo | 1 Phpcommander | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code. | |||||
| CVE-2006-4638 | 1 Acgv News | 1 Acgv News | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter. | |||||
| CVE-2006-4641 | 1 Muratsoft | 1 Haber Portal | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2006-4644 | 1 Phpfullannu | 1 Phpfullannu | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter. | |||||
| CVE-2006-4647 | 1 Sponge News | 1 Sponge News | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter. | |||||
| CVE-2006-4669 | 1 Somery | 1 Somery | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter. | |||||
| CVE-2006-4676 | 1 Tibco | 1 Rendezvous | 2017-10-19 | 1.2 LOW | N/A |
| TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. | |||||
| CVE-2006-4681 | 1 Ibm | 1 Director | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. | |||||
| CVE-2006-4719 | 1 Myabracadaweb | 1 Myabracadaweb | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php. | |||||
| CVE-2006-4714 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter. | |||||
| CVE-2006-4715 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4716 | 1 Fire Soft Board | 1 Fire Soft Board | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | |||||
| CVE-2006-4723 | 1 Raidenhttpd | 1 Raidenhttpd | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. | |||||
| CVE-2006-4750 | 1 Openi-cms Group | 1 Openi-cms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter. | |||||
| CVE-2006-4769 | 1 Gtasoft | 1 P4cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. | |||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | |||||
| CVE-2006-4779 | 1 Phpbb Group | 1 Vitrax Premodded Phpbb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-4781 | 1 Futuresoft | 1 Tftp Server Multithreaded | 2017-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name. NOTE: Some details are obtained from third party information. | |||||
| CVE-2006-4782 | 1 Webspell | 1 Webspell | 2017-10-19 | 5.4 MEDIUM | N/A |
| src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | |||||
| CVE-2006-4788 | 1 Telekorn | 1 Signkorn Guestbook | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter. | |||||
| CVE-2006-4789 | 1 Open Movie Editor | 1 Open Movie Editor | 2017-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag. | |||||
| CVE-2006-4824 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter. | |||||
| CVE-2006-4826 | 1 Shadowed Portal | 1 Shadowed Portal | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2006-4827 | 1 Vmist | 1 Downstat | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php. | |||||
| CVE-2006-4890 | 1 Unak | 1 Unak Cms | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | |||||
| CVE-2006-4845 | 1 George Lewe | 1 Teamcal Pro | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter. | |||||
| CVE-2006-4849 | 1 Mobilepublisherphp | 1 Mobilepublisherphp | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2006-4853 | 1 Haberx | 1 Haberx | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. | |||||
| CVE-2006-4859 | 1 Limbo Cms | 1 Limbo Cms | 2017-10-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression. | |||||
| CVE-2006-4867 | 1 Gnuturk | 1 Gnuturk Portal System | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum." | |||||
| CVE-2006-4870 | 1 Aewebworks | 1 Aedating | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php. | |||||
| CVE-2006-4897 | 1 Cmtexts | 1 Cmtexts | 2017-10-19 | 5.0 MEDIUM | N/A |
| CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. | |||||
| CVE-2006-4969 | 1 Wahm E-commerce | 1 Pie Cart Pro | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php. | |||||
| CVE-2006-4898 | 1 Guanxicrm | 1 Guanxicrm Business Solution | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. | |||||
| CVE-2006-4906 | 1 Marc Logemann | 1 More.groupware | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | |||||
| CVE-2006-4912 | 1 Php Docwriter | 1 Php Docwriter | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | |||||
| CVE-2006-4913 | 1 Alstrasoft | 1 E-friends | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. | |||||
| CVE-2006-4916 | 1 Asp Indir | 1 Tekman Portal | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | |||||
| CVE-2006-4963 | 1 Exponent | 1 Exponent Cms | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files. | |||||
| CVE-2006-4918 | 1 Simple Discussion Board | 1 Simple Discussion Board | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. | |||||
| CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2017-10-19 | 2.6 LOW | N/A |
| Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | |||||
| CVE-2006-4920 | 1 Siteatschool | 1 Siteatschool | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | |||||
| CVE-2006-4922 | 1 Siteatschool | 1 Siteatschool | 2017-10-19 | 5.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions. | |||||
| CVE-2006-4945 | 1 Cardway | 1 Digitalwebshop | 2017-10-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php. | |||||
| CVE-2006-4946 | 1 Cmsdevelopment | 1 Business Card Web Builder | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||