Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5028 | 1 Swsoft | 2 Plesk, Plesk Reload | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. | |||||
| CVE-2006-4970 | 1 Wahm E-commerce | 1 Pie Cart Pro | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter. | |||||
| CVE-2006-4865 | 1 Phpquiz | 1 Phpquiz | 2018-10-17 | 5.0 MEDIUM | N/A |
| Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors. | |||||
| CVE-2006-4971 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-17 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. | |||||
| CVE-2006-4972 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-17 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. | |||||
| CVE-2006-5015 | 1 Kietu | 1 Kietu | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. | |||||
| CVE-2006-5022 | 1 Pnews Systems | 1 Pnews | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter. | |||||
| CVE-2006-4875 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public. | |||||
| CVE-2006-4833 | 1 Verso Netperformer | 1 Frame Relay Access Device Act | 2018-10-17 | 7.8 HIGH | N/A |
| Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability. | |||||
| CVE-2006-4861 | 1 Mohammed Mehdi Panjwani | 1 Complain Center | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp. | |||||
| CVE-2006-4857 | 1 Clicktech | 1 Clickblog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. | |||||
| CVE-2006-4856 | 1 Roller Weblogger | 1 Roller Weblogger | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do. | |||||
| CVE-2006-4675 | 1 Andreas Gohr | 1 Dokuwiki | 2018-10-17 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors. | |||||
| CVE-2006-4668 | 1 Rob Hensley | 1 Ackertodo | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command. | |||||
| CVE-2006-4670 | 1 Gtasoft | 1 Photokorn Gallery | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php. | |||||
| CVE-2006-4674 | 1 Andreas Gohr | 1 Dokuwiki | 2018-10-17 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php. | |||||
| CVE-2006-4677 | 1 Phpopenchat | 1 Phpopenchat | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be excluded from CVE. | |||||
| CVE-2006-4678 | 1 Comscripts | 1 News Evolution | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php. | |||||
| CVE-2006-4679 | 1 Andreas Gohr | 1 Dokuwiki | 2018-10-17 | 5.0 MEDIUM | N/A |
| DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug". | |||||
| CVE-2006-4680 | 1 Canon | 7 Imagerunner 2620, Imagerunner 5020, Imagerunner 6870 and 4 more | 2018-10-17 | 4.0 MEDIUM | N/A |
| The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information. | |||||
