Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4835 | 1 Bluview | 1 Blue Magic Board | 2018-10-17 | 5.0 MEDIUM | N/A |
| Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages. | |||||
| CVE-2006-4836 | 1 Codeworx Technologies | 1 Dcp-portal | 2018-10-17 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227. | |||||
| CVE-2006-4837 | 1 Codeworx Technologies | 1 Dcp-portal | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | |||||
| CVE-2006-4838 | 1 Codeworx Technologies | 1 Dcp-portal | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php. | |||||
| CVE-2006-4848 | 1 Hitweb | 1 Hitweb | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php. NOTE: this issue has been disputed by a third party researcher, stating that REP_CLASS is initialized in an included file before being used. | |||||
| CVE-2006-4850 | 1 Bolinos | 1 Blinos | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. | |||||
| CVE-2006-4752 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2018-10-17 | 5.0 MEDIUM | N/A |
| Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter. | |||||
| CVE-2006-4796 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable). | |||||
| CVE-2006-4634 | 1 Vbzoom | 1 Vbzoom | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441. | |||||
| CVE-2006-4591 | 1 Alstrasoft | 1 Template Seller | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php. | |||||
| CVE-2006-4658 | 1 Panda | 1 Panda Platinum Internet Security | 2018-10-17 | 5.0 MEDIUM | N/A |
| Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns. | |||||
| CVE-2006-4615 | 1 Shape Services | 1 Im\+ Mobile Instant Messenger | 2018-10-17 | 4.9 MEDIUM | N/A |
| Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2006-4657 | 1 Panda | 1 Panda Platinum Internet Security | 2018-10-17 | 7.2 HIGH | N/A |
| Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. | |||||
| CVE-2006-4633 | 1 Softbb | 1 Softbb | 2018-10-17 | 5.0 MEDIUM | N/A |
| index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter. | |||||
| CVE-2006-4632 | 1 Softbb | 1 Softbb | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php. | |||||
| CVE-2006-4631 | 1 Softbb | 1 Softbb | 2018-10-17 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request. | |||||
| CVE-2006-4614 | 1 Pocket Pc | 1 Pocket Pc | 2018-10-17 | 4.9 MEDIUM | N/A |
| PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat. | |||||
| CVE-2006-4612 | 1 John Andersson | 1 Zixforum | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter. | |||||
| CVE-2006-4609 | 1 Phpprojekt | 1 Phpprojekt | 2018-10-17 | 5.1 MEDIUM | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used. | |||||
| CVE-2006-4608 | 1 Longino | 1 Jacome Php-revista | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php. | |||||