Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5076 | 1 Back-end | 1 Back-end Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php. | |||||
| CVE-2006-5074 | 1 Php Invoice | 1 Php Invoice | 2018-10-17 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter. | |||||
| CVE-2006-5204 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. | |||||
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2018-10-17 | 7.8 HIGH | N/A |
| ** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not." | |||||
| CVE-2006-5091 | 1 Hp | 1 Hp-ux | 2018-10-17 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors. | |||||
| CVE-2006-5236 | 1 4homepages | 1 4images | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter. | |||||
| CVE-2006-5223 | 1 Nivisec | 1 User Viewed Posts Tracker | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5217 | 1 Emek Portal | 1 Emek Portal | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters. | |||||
| CVE-2006-5244 | 1 Opendock | 1 Easy Blog | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_read_file.php, and (5) lib_form_file.php in sw/lib_up_file; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified vectors. | |||||
| CVE-2006-5226 | 1 Freenews | 1 Freenews | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2006-5227 | 1 Torrentflux | 1 Torrentflux | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable. | |||||
| CVE-2006-5228 | 1 Rob Hensley | 1 Ackertodo | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters. | |||||
| CVE-2006-5230 | 1 Freeforum | 1 Freeforum | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | |||||
| CVE-2006-5232 | 1 Isearch | 1 Isearch | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes. | |||||
| CVE-2006-4876 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register. | |||||
| CVE-2006-5036 | 1 Squiz | 2 Mysource Classic, Mysource Matrix | 2018-10-17 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability." | |||||
| CVE-2006-4877 | 1 David Bennett | 1 Php-post | 2018-10-17 | 5.0 MEDIUM | N/A |
| Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. | |||||
| CVE-2006-5018 | 1 Contentkeeper Technologies | 1 Contentkeeper | 2018-10-17 | 4.0 MEDIUM | N/A |
| ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI. | |||||
| CVE-2006-4984 | 1 Grayscale | 1 Bandsite Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. NOTE: the other vectors from the original disclosure are already covered by CVE-2006-3193. | |||||
| CVE-2006-4878 | 1 David Bennett | 1 Php-post | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file. | |||||