Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6251 | 1 Vuplayer | 1 Vuplayer | 2017-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack. | |||||
| CVE-2006-6719 | 1 Gnu | 1 Wget | 2017-10-18 | 5.0 MEDIUM | N/A |
| The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | |||||
| CVE-2006-6871 | 1 Endonesia | 1 Endonesia | 2017-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php. | |||||
| CVE-2006-4213 | 1 David Kent Norman | 1 Thatware | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | |||||
| CVE-2006-6722 | 1 Jelle De Vos | 1 Bandwebsite | 2017-10-18 | 7.5 HIGH | N/A |
| Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1. | |||||
| CVE-2006-6724 | 1 Bolintech | 1 Dream Ftp Server | 2017-10-18 | 4.0 MEDIUM | N/A |
| BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command. | |||||
| CVE-2006-4210 | 1 Andreas Kansok | 1 Phpay | 2017-10-18 | 2.6 LOW | N/A |
| nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5167 | 1 Basilix | 1 Basilix Webmail | 2017-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3. | |||||
| CVE-2006-4329 | 1 Shadows Rising Rpg | 1 Shadows Rising Rpg | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | |||||
| CVE-2006-5296 | 1 Microsoft | 1 Powerpoint | 2017-10-18 | 4.3 MEDIUM | N/A |
| PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous. | |||||
| CVE-2006-6203 | 1 Krishan | 1 Flyspray | 2017-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2006-4207 | 1 Bob Jewell | 1 Discloser | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. | |||||
| CVE-2006-5165 | 1 Skrypty | 1 Ppa Gallery | 2017-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter. | |||||
| CVE-2006-4205 | 1 Webdynamite | 1 Projectbutler | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php. | |||||
| CVE-2006-5304 | 1 Inccms Technology | 1 Inccms Core | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2006-4203 | 1 Mamboxchange | 1 Mambo Email Publisher | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-5307 | 1 Afgb | 1 Afgb Guestbook | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the Htmls parameter in (1) add.php, (2) admin.php, (3) look.php, or (4) re.php. | |||||
| CVE-2006-4202 | 1 Spidey Blog | 1 Spidey Blog Script | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2006-6888 | 1 P-news | 1 P-news | 2017-10-18 | 5.0 MEDIUM | N/A |
| P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | |||||