Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6063 | 1 Un4seen | 1 Xmplay | 2017-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName. | |||||
| CVE-2006-5731 | 1 Lithium Cms | 1 Lithium Cms | 2017-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php. | |||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2006-3851 | 1 X7 Group | 1 X7 Chat | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter. | |||||
| CVE-2006-4962 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the phpExt parameter, as demonstrated by executing PHP code in a log file. | |||||
| CVE-2006-4961 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. | |||||
| CVE-2006-4960 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query. | |||||
| CVE-2006-5730 | 1 Modxcms | 1 Modxcms | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. | |||||
| CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2017-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie. | |||||
| CVE-2006-5733 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2017-10-18 | 5.0 MEDIUM | N/A |
| AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6856 | 1 Webtext | 1 Webtext | 2017-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | |||||
| CVE-2006-6380 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2017-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2006-4890 | 1 Unak | 1 Unak Cms | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | |||||
| CVE-2006-4957 | 1 The Myreview System | 1 Myreview | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php. | |||||
| CVE-2006-4845 | 1 George Lewe | 1 Teamcal Pro | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter. | |||||
| CVE-2006-4849 | 1 Mobilepublisherphp | 1 Mobilepublisherphp | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2006-4853 | 1 Haberx | 1 Haberx | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. | |||||
| CVE-2006-4859 | 1 Limbo Cms | 1 Limbo Cms | 2017-10-18 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression. | |||||
| CVE-2006-4867 | 1 Gnuturk | 1 Gnuturk Portal System | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum". | |||||
