Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5391 | 1 Xfire | 1 Xfire | 2017-10-18 | 5.0 MEDIUM | N/A |
| Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777. | |||||
| CVE-2006-6613 | 1 Phpalbum.net | 1 Phpalbum | 2017-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2006-6612 | 1 Phpmycms | 1 Phpmycms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter. | |||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | |||||
| CVE-2006-6604 | 1 Torrentflux | 1 Torrentflux | 2017-10-18 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328. | |||||
| CVE-2006-6599 | 1 Torrentflux | 1 Torrentflux | 2017-10-18 | 6.0 MEDIUM | N/A |
| maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | |||||
| CVE-2006-5400 | 1 Cyberbrau | 1 Cyberbrau | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in forum/track.php in CyberBrau 0.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2017-10-18 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | |||||
| CVE-2006-5401 | 1 Aroundme | 1 Aroundme | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter. | |||||
| CVE-2006-5092 | 1 A-blog | 1 A-blog | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter. | |||||
| CVE-2006-4113 | 1 Hitweb | 1 Hitweb | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter. | |||||
| CVE-2006-5205 | 1 Invision Power Services | 1 Invision Gallery | 2017-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used. | |||||
| CVE-2006-6770 | 1 Jinzora | 1 Jinzora | 2017-10-18 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. | |||||
| CVE-2006-6771 | 1 Irokez | 1 Irokez Cms | 2017-10-18 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/. | |||||
| CVE-2006-4418 | 1 Wikepage | 1 Wikepage | 2017-10-18 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file. | |||||
| CVE-2006-5087 | 1 Evobb | 1 Evobb | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php. | |||||
| CVE-2006-5412 | 1 Php Outburst | 1 Easynews | 2017-10-18 | 5.1 MEDIUM | N/A |
| admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter. | |||||
| CVE-2006-5413 | 1 Supermod | 1 Supermod | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php. | |||||
| CVE-2006-6774 | 1 Ciberia | 1 Content Federator | 2017-10-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-4419 | 1 Promanager | 1 Promanager | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter. | |||||