Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1480 | 1 Duda | 1 Webalbum | 2017-10-18 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. | |||||
| CVE-2006-2008 | 1 Built2go | 1 Movie Review | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter. | |||||
| CVE-2006-2768 | 1 Ipw Systems | 1 Metajour | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php. | |||||
| CVE-2006-1784 | 1 Sphider | 1 Sphider | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | |||||
| CVE-2006-1001 | 1 Lansuite | 1 Lanparty Intranet System | 2017-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2006-0821 | 1 Bxcp | 1 Bxcp | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-2888 | 1 Wikiwig | 1 Wikiwig | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | |||||
| CVE-2006-2568 | 1 Ubbcentral | 1 Ubb.threads | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. | |||||
| CVE-2006-3177 | 1 Bible Portal Project | 1 Bible Portal Project | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter. | |||||
| CVE-2006-0888 | 1 Invision Power Services | 1 Invision Power Board | 2017-10-18 | 2.6 LOW | N/A |
| index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. | |||||
| CVE-2006-1149 | 1 Owl | 1 Owl Intranet Engine | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use. | |||||
| CVE-2006-1153 | 1 D2-shoutbox | 1 D2-shoutbox | 2017-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB). | |||||
| CVE-2006-2523 | 1 Smartisoft | 1 Phplistpro | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie. | |||||
| CVE-2006-1799 | 1 Adcentrix | 1 Censtore | 2017-10-18 | 7.5 HIGH | N/A |
| censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
| CVE-2006-1481 | 1 Php Ticket | 1 Php Ticket | 2017-10-18 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter. | |||||
| CVE-2006-2797 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php. | |||||
| CVE-2006-3162 | 1 Smartsitecms | 1 Smartsitecms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2006-2798 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php. | |||||
| CVE-2006-1243 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. | |||||
| CVE-2006-1668 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-18 | 9.0 HIGH | N/A |
| newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php. | |||||