Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4916 | 1 Asp Indir | 1 Tekman Portal | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | |||||
| CVE-2006-4963 | 1 Exponent | 1 Exponent Cms | 2017-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files. | |||||
| CVE-2006-4918 | 1 Simple Discussion Board | 1 Simple Discussion Board | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. | |||||
| CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2017-10-18 | 2.6 LOW | N/A |
| Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | |||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2017-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | |||||
| CVE-2006-5786 | 1 E107 | 1 E107 | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php. | |||||
| CVE-2006-5787 | 1 Iprimal | 1 Iprimal Forums | 2017-10-18 | 7.5 HIGH | N/A |
| admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php. | |||||
| CVE-2006-4920 | 1 Siteatschool | 1 Siteatschool | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | |||||
| CVE-2006-5952 | 1 Asp Smiley | 1 Asp Smiley | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field. | |||||
| CVE-2006-6910 | 1 Fersch | 1 Formbankserver | 2017-10-18 | 7.8 HIGH | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | |||||
| CVE-2006-6911 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2017-10-18 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. | |||||
| CVE-2006-5796 | 1 Soholaunch | 1 Soholaunch Pro Edition | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php. | |||||
| CVE-2006-6028 | 1 Anton Vlasov | 1 Dosepa | 2017-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter. | |||||
| CVE-2006-3580 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2006-5802 | 1 The Web Drivers | 1 Simple Forum | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5803 | 1 Mxbb | 1 Mxbb Smartor Album | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-4922 | 1 Siteatschool | 1 Siteatschool | 2017-10-18 | 5.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions. | |||||
| CVE-2006-5948 | 1 Ringsworld | 1 Phppeanuts | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | |||||
| CVE-2006-6938 | 1 Nitrotech | 1 Nitrotech | 2017-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. | |||||
| CVE-2006-6941 | 1 Freewebshop | 1 Freewebshop | 2017-10-18 | 5.0 MEDIUM | N/A |
| index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | |||||