Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4870 | 1 Aewebworks | 1 Aedating | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php. | |||||
| CVE-2006-6368 | 1 Awrate | 1 Awrate | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php. | |||||
| CVE-2006-4897 | 1 Cmtexts | 1 Cmtexts | 2017-10-18 | 5.0 MEDIUM | N/A |
| CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. | |||||
| CVE-2006-4969 | 1 Wahm E-commerce | 1 Pie Cart Pro | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php. | |||||
| CVE-2006-4898 | 1 Guanxicrm | 1 Guanxicrm Business Solution | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. | |||||
| CVE-2006-4906 | 1 Marc Logemann | 1 More.groupware | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | |||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2017-10-18 | 10.0 HIGH | N/A |
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-5760 | 1 Phpdynasite | 1 Phpdynasite | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php. | |||||
| CVE-2006-4946 | 1 Cmsdevelopment | 1 Business Card Web Builder | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-4945 | 1 Cardway | 1 Digitalwebshop | 2017-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php. | |||||
| CVE-2006-6360 | 1 Sergey Korostel | 1 Php Upload Center | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter. | |||||
| CVE-2006-5766 | 1 Article System | 1 Article System | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter. | |||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | |||||
| CVE-2006-6039 | 1 Powie | 1 Php Matchmaker | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter. | |||||
| CVE-2006-5772 | 1 Freewebshop | 1 Freewebshop | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameters. | |||||
| CVE-2006-5773 | 1 Freewebshop | 1 Freewebshop | 2017-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter. | |||||
| CVE-2006-4912 | 1 Php Docwriter | 1 Php Docwriter | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | |||||
| CVE-2006-6866 | 1 Stphp | 1 Easynews | 2017-10-18 | 7.8 HIGH | N/A |
| STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. | |||||
| CVE-2006-4913 | 1 Alstrasoft | 1 E-friends | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. | |||||
| CVE-2006-5777 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2017-10-18 | 7.5 HIGH | N/A |
| Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information. | |||||
