Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5715 | 1 Efs Software | 1 Easy Address Book | 2017-10-19 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. | |||||
| CVE-2006-5725 | 1 Aep Networks | 1 Smartgate Ssl Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories. | |||||
| CVE-2006-5728 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-10-19 | 4.0 MEDIUM | N/A |
| XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags. | |||||
| CVE-2006-5730 | 1 Modxcms | 1 Modxcms | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. | |||||
| CVE-2006-5731 | 1 Lithium Cms | 1 Lithium Cms | 2017-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php. | |||||
| CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie. | |||||
| CVE-2006-5733 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2006-5760 | 1 Phpdynasite | 1 Phpdynasite | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php. | |||||
| CVE-2006-5766 | 1 Article System | 1 Article System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter. | |||||
| CVE-2006-5767 | 1 Drake Team | 1 Drake Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter. | |||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | |||||
| CVE-2006-5772 | 1 Freewebshop | 1 Freewebshop | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter. | |||||
| CVE-2006-5773 | 1 Freewebshop | 1 Freewebshop | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter. | |||||
| CVE-2006-5777 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2017-10-19 | 7.5 HIGH | N/A |
| Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5786 | 1 E107 | 1 E107 | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php. | |||||
| CVE-2006-5787 | 1 Iprimal | 1 Iprimal Forums | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php. | |||||
| CVE-2006-5796 | 1 Soholaunch | 1 Soholaunch Pro Edition | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php. | |||||
| CVE-2006-5802 | 1 The Web Drivers | 1 Simple Forum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5803 | 1 Mxbb | 1 Mxbb Smartor Album | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2006-5834 | 1 Opensolution | 1 Quick.cms.lite | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter. | |||||
| CVE-2006-5837 | 1 Simplechat | 1 Simplechat | 2017-10-19 | 7.5 HIGH | N/A |
| Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. | |||||
| CVE-2006-5839 | 1 Phpadventure | 1 Phpadventure | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter. | |||||
| CVE-2006-5849 | 1 Irayoblog | 1 Irayoblog | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter. | |||||
| CVE-2006-5851 | 1 Openbase International Ltd | 1 Openbase | 2017-10-19 | 2.1 LOW | N/A |
| openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328. | |||||
| CVE-2006-5852 | 1 Openbase International Ltd | 1 Openbase | 2017-10-19 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327. | |||||
| CVE-2006-5863 | 1 Otterware | 1 Letterit2 | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2006-5865 | 1 Damien Benier | 1 Myalbum | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter. | |||||
| CVE-2006-5880 | 1 Isystems | 1 Munch Pro | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-5889 | 1 Brewblogger | 1 Brewblogger | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5890 | 1 Superfreaker Studios | 1 Usupport | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5893 | 1 Iwonder Designs | 1 Storystream | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/. | |||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | |||||
| CVE-2006-5930 | 1 Aigaion | 1 Aigaion | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php. | |||||
| CVE-2006-5948 | 1 Ringsworld | 1 Phppeanuts | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | |||||
| CVE-2006-5952 | 1 Asp Smiley | 1 Asp Smiley | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field. | |||||
| CVE-2006-5954 | 1 Netvios | 1 Netvios | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | |||||
| CVE-2006-6028 | 1 Anton Vlasov | 1 Dosepa | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter. | |||||
| CVE-2006-6038 | 1 Powie | 1 Pforum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6039 | 1 Powie | 1 Php Matchmaker | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter. | |||||
| CVE-2006-6063 | 1 Un4seen | 1 Xmplay | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName. | |||||
| CVE-2006-6086 | 1 E-ark | 1 E-ark | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. | |||||
| CVE-2006-6093 | 1 Picturespro | 1 Picturespro Photo Cart | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters. | |||||
| CVE-2006-6115 | 1 Fipsasp | 1 Fipscms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2006-6116 | 1 Fipsasp | 1 Fipsforum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2006-6117 | 1 Fipsasp | 1 Fipsgallery | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter. | |||||
| CVE-2006-6137 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. | |||||
| CVE-2006-6138 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. | |||||
| CVE-2006-6149 | 1 Jiros | 1 Faq Manager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter. | |||||
| CVE-2006-6150 | 1 Owllib | 1 Owllib | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter. | |||||