Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2513 | 1 Pmail | 1 Pegasus | 2017-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command. | |||||
| CVE-2005-0530 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 2.1 LOW | N/A |
| Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument. | |||||
| CVE-2005-0619 | 1 Bfriendly.com | 1 Einstein | 2017-10-19 | 2.1 LOW | N/A |
| Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. | |||||
| CVE-2005-0847 | 1 Code Ocean | 1 Ocean Ftp Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. | |||||
| CVE-2005-0859 | 1 Czaries Network | 1 Czarnews | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14. | |||||
| CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | |||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2017-10-19 | 5.0 MEDIUM | N/A |
| DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
| CVE-2005-2327 | 1 E107 | 1 E107 | 2017-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. | |||||
| CVE-2005-4218 | 1 Phpwebthings | 1 Phpwebthings | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. | |||||
| CVE-2005-4411 | 1 David Harris | 1 Mercury Mail Transport System | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. | |||||
| CVE-2006-0064 | 1 Devellion | 1 Cubecart | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | |||||
| CVE-2006-0099 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. | |||||
| CVE-2006-0179 | 1 Cisco | 1 Ip Phone 7940 | 2017-10-19 | 5.0 MEDIUM | N/A |
| The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. | |||||
| CVE-2006-0821 | 1 Bxcp | 1 Bxcp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-0851 | 1 Ilch.de | 1 Ilchclan | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost. | |||||
| CVE-2006-0852 | 1 Devscripts | 1 Admbook | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. | |||||
| CVE-2006-0888 | 1 Invision Power Services | 1 Invision Power Board | 2017-10-19 | 2.6 LOW | N/A |
| index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. | |||||
| CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | |||||
| CVE-2006-0962 | 1 Vubb | 1 Vubb | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie. | |||||
| CVE-2006-1001 | 1 Lansuite | 1 Lanparty Intranet System | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2006-1149 | 1 Owl | 1 Owl Intranet Engine | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use. | |||||
| CVE-2006-1153 | 1 D2-shoutbox | 1 D2-shoutbox | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB). | |||||
| CVE-2006-1219 | 1 Gallery Project | 1 Gallery | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | |||||
| CVE-2006-1243 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. | |||||
| CVE-2006-1327 | 1 Softbb | 1 Softbb | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter. | |||||
| CVE-2006-1480 | 1 Duda | 1 Webalbum | 2017-10-19 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. | |||||
| CVE-2006-1481 | 1 Php Ticket | 1 Php Ticket | 2017-10-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter. | |||||
| CVE-2006-1595 | 1 Claroline | 1 Claroline | 2017-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. | |||||
| CVE-2006-1596 | 1 Claroline | 1 Claroline | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2006-1667 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php. | |||||
| CVE-2006-1668 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-19 | 9.0 HIGH | N/A |
| newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php. | |||||
| CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1708 | 1 Clansys | 1 Clansys | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. | |||||
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2017-10-19 | 7.6 HIGH | N/A |
| SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. | |||||
| CVE-2006-1784 | 1 Sphider | 1 Sphider | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | |||||
| CVE-2006-1799 | 1 Adcentrix | 1 Censtore | 2017-10-19 | 7.5 HIGH | N/A |
| censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
| CVE-2006-1819 | 1 Phpwebsite | 1 Phpwebsite | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename". | |||||
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2017-10-19 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | |||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | |||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2017-10-19 | 5.0 MEDIUM | N/A |
| sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | |||||
| CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-1838 | 1 Clanscripte.net | 1 Fuju News | 2017-10-19 | 7.5 HIGH | N/A |
| edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. | |||||
| CVE-2006-1917 | 1 Blackorpheus | 1 Clanmemberskript | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter. | |||||
| CVE-2006-1919 | 1 Thomas Voecking | 1 Internet Photoshow | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-1921 | 1 Php Net Tools | 1 Php Net Tools | 2017-10-19 | 6.4 MEDIUM | N/A |
| nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. | |||||
| CVE-2006-1954 | 1 Nfec.de | 1 Rechnungszentrale | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field. | |||||
| CVE-2006-1955 | 1 Nfec.de | 1 Rechnungszentrale | 2017-10-19 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | |||||
| CVE-2006-2008 | 1 Built2go | 1 Movie Review | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter. | |||||
| CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
