Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7173 | 1 Php-stats | 1 Php-stats | 2017-10-18 | 10.0 HIGH | N/A |
| Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | |||||
| CVE-2007-0082 | 1 Imgallery | 1 Imgallery | 2017-10-18 | 6.5 MEDIUM | N/A |
| users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | |||||
| CVE-2007-0091 | 1 Katy Whitton Web Development | 1 Newscmslite | 2017-10-18 | 7.5 HIGH | N/A |
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | |||||
| CVE-2007-0489 | 1 Visohotlink | 1 Visohotlink | 2017-10-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2007-0354 | 1 Mgb | 1 Opensource Guestbook | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0135 | 1 Aratix | 1 Aratix | 2017-10-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | |||||
| CVE-2002-2217 | 1 Comscripts | 1 Web Server Creator | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php. | |||||
| CVE-2003-1314 | 1 Eternalmart | 1 Eternalmart Guestbook | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter. | |||||
| CVE-2006-3394 | 1 Bxcp | 1 Bxcp | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action. | |||||
| CVE-2006-1667 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php. | |||||
| CVE-2006-3192 | 1 Php Web Scripts | 1 Ad Manager Pro | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. | |||||
| CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-2242 | 1 Acftp | 1 Acftp | 2017-10-18 | 5.0 MEDIUM | N/A |
| acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command. | |||||
| CVE-2006-3400 | 2 Id Software, Raven Software | 2 Quake 3 Engine, Soldier Of Fortune 2 | 2017-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | |||||
| CVE-2006-0852 | 1 Devscripts | 1 Admbook | 2017-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. | |||||
| CVE-2006-2929 | 1 Openemr | 1 Openemr | 2017-10-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter. | |||||
| CVE-2006-2253 | 1 Otterware | 1 Statit | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter. | |||||
| CVE-2006-3520 | 1 Sabdrimer Cms | 1 Sabdrimer Cms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter. | |||||
| CVE-2006-3478 | 1 Myphp Cms | 1 Myphp Cms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter. | |||||
