Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5121 | 1 Postnuke Software Foundation | 1 Postnuke | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter. | |||||
| CVE-2006-5120 | 1 Scott Metoyer | 1 Red Mombin | 2018-10-17 | 4.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php. | |||||
| CVE-2006-5131 | 1 Salims Softhouse | 1 Jaf Cms | 2018-10-17 | 7.5 HIGH | N/A |
| module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php. | |||||
| CVE-2006-5118 | 1 Phpselect | 1 Web Development Division | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter. | |||||
| CVE-2006-5116 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. | |||||
| CVE-2006-5114 | 1 Sap | 1 Internet Transaction Server | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749. | |||||
| CVE-2006-5109 | 1 Devellion | 1 Cubecart | 2018-10-17 | 5.0 MEDIUM | N/A |
| Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607. | |||||
| CVE-2006-5108 | 1 Devellion | 1 Cubecart | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. | |||||
| CVE-2006-5107 | 1 Devellion | 1 Cubecart | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. | |||||
| CVE-2006-5104 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. | |||||
| CVE-2006-5103 | 1 Bbsnew | 1 Bbsnew | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter. | |||||
| CVE-2006-5100 | 1 Netwin | 1 Webnews | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter. | |||||
| CVE-2006-5097 | 1 Net2ftp | 1 Net2ftp | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability." | |||||
| CVE-2006-5096 | 1 Virtuemart | 1 Virtuemart Joomla Ecommerrce Edition Cms | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action. | |||||
| CVE-2006-5095 | 1 Myphotos | 1 Myphotos | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions. | |||||
| CVE-2006-5094 | 1 Phpbb Xs | 1 Phpbb Xs | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893. | |||||
| CVE-2006-5088 | 1 Phpheaven | 1 Phpmychat | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. | |||||
| CVE-2006-5086 | 1 Pixel Motion | 1 Pixel Motion Blog | 2018-10-17 | 6.4 MEDIUM | N/A |
| Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not. | |||||
| CVE-2006-5085 | 1 Pixel Motion | 1 Pixel Motion Blog | 2018-10-17 | 7.5 HIGH | N/A |
| Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php. | |||||
| CVE-2006-5081 | 1 Jl Webworks | 1 Quickblogger | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
