Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5672 | 1 Mysource Cms | 1 Mysource Cms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | |||||
| CVE-2006-5673 | 1 Minibb | 1 Minibb | 2017-10-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | |||||
| CVE-2006-4750 | 1 Openi-cms Group | 1 Openi-cms | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter. | |||||
| CVE-2006-6445 | 1 Envolution | 1 Envolution | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2006-5676 | 1 Uni-vert | 1 Phpleague | 2017-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter. | |||||
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | |||||
| CVE-2006-6853 | 1 Mozilla | 1 Durian Web Application Server | 2017-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. | |||||
| CVE-2006-4769 | 1 Gtasoft | 1 P4cms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. | |||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | |||||
| CVE-2006-4779 | 1 Phpbb Group | 1 Vitrax Premodded Phpbb | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-4781 | 1 Futuresoft | 1 Tftp Server Multithreaded | 2017-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name. NOTE: Some details are obtained from third party information. | |||||
| CVE-2006-4782 | 1 Webspell | 1 Webspell | 2017-10-18 | 5.4 MEDIUM | N/A |
| src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | |||||
| CVE-2006-4788 | 1 Telekorn | 1 Signkorn Guestbook | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter. | |||||
| CVE-2006-4789 | 1 Open Movie Editor | 1 Open Movie Editor | 2017-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag. | |||||
| CVE-2006-6426 | 1 Thinkedit | 1 Thinkedit | 2017-10-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter. | |||||
| CVE-2006-6390 | 1 Open Solution | 1 Quick.cart | 2017-10-18 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts. | |||||
| CVE-2006-4974 | 1 Ipswitch | 1 Ws Ftp Server | 2017-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | |||||
| CVE-2006-4824 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter. | |||||
| CVE-2006-4826 | 1 Shadowed Portal | 1 Shadowed Portal | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2006-4827 | 1 Vmist | 1 Downstat | 2017-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php. | |||||