Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0851 | 1 Ilch.de | 1 Ilchclan | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost. | |||||
| CVE-2006-3341 | 1 Myads | 1 Myads | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2006-2256 | 1 Eqdkp | 1 Eqdkp | 2017-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2017-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2017-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | |||||
| CVE-2006-3027 | 1 Enthrallweb | 1 Ephotos | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp. | |||||
| CVE-2006-2730 | 1 Hot Open Tickets | 1 Hot Open Tickets | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. | |||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2017-10-18 | 5.0 MEDIUM | N/A |
| sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | |||||
| CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-1838 | 1 Clanscripte.net | 1 Fuju News | 2017-10-18 | 7.5 HIGH | N/A |
| edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. | |||||
| CVE-2006-3028 | 1 Minerva | 1 Minerva | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-2261 | 1 Acal | 1 Acal | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2017-10-18 | 7.6 HIGH | N/A |
| SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. | |||||
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2017-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | |||||
| CVE-2006-1542 | 1 Python Software Foundation | 1 Python | 2017-10-18 | 3.7 LOW | N/A |
| Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. | |||||
| CVE-2006-2726 | 1 Fastpublish | 1 Fastpublish Cms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php. | |||||
| CVE-2006-2263 | 1 Virtual Programming | 1 Vp-asp | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-2557 | 1 Florian Amrhein | 1 Newsportal | 2017-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | |||||
| CVE-2006-3184 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2017-10-18 | 4.0 MEDIUM | N/A |
| Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp. | |||||
| CVE-2006-3294 | 1 Cbsms | 1 Mambo Module | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
