| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-5473 | 7.5 |
PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since
|
11-04-2024 - 00:41 | 24-10-2006 - 20:07 | |
| CVE-2006-5485 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4
|
17-10-2018 - 21:43 | 24-10-2006 - 22:07 | |
| CVE-2006-5476 | 7.5 |
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
|
17-10-2018 - 21:43 | 24-10-2006 - 20:07 | |
| CVE-2006-5475 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
|
17-10-2018 - 21:43 | 24-10-2006 - 20:07 | |
| CVE-2006-5474 | 7.5 |
The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password rese
|
17-10-2018 - 21:43 | 24-10-2006 - 20:07 | |
| CVE-2006-5496 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
|
17-10-2018 - 21:43 | 25-10-2006 - 10:07 | |
| CVE-2006-5491 | 7.5 |
Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
|
17-10-2018 - 21:43 | 25-10-2006 - 10:07 | |
| CVE-2006-5459 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_scri
|
17-10-2018 - 21:43 | 23-10-2006 - 17:07 | |
| CVE-2006-5477 | 2.6 |
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.
|
17-10-2018 - 21:43 | 24-10-2006 - 20:07 | |
| CVE-2006-5454 | 5.0 |
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the
|
17-10-2018 - 21:43 | 23-10-2006 - 17:07 | |
| CVE-2006-5455 | 2.6 |
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. This vulnerability is a
|
17-10-2018 - 21:43 | 23-10-2006 - 17:07 | |
| CVE-2006-5453 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers us
|
17-10-2018 - 21:43 | 23-10-2006 - 17:07 | |
| CVE-2007-5109 | 4.3 |
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level param
|
15-10-2018 - 21:40 | 26-09-2007 - 23:17 | |
| CVE-2008-3874 | 3.5 |
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these de
|
11-10-2018 - 20:50 | 29-08-2008 - 17:41 | |
| CVE-2008-3758 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arb
|
11-10-2018 - 20:49 | 21-08-2008 - 17:41 | |
| CVE-2007-0488 | 5.0 |
The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.
|
29-07-2017 - 01:30 | 25-01-2007 - 00:28 | |
| CVE-2006-3315 | 7.5 |
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter.
|
20-07-2017 - 01:32 | 29-06-2006 - 19:05 | |
| CVE-2005-3571 | 5.0 |
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter
|
18-10-2016 - 03:36 | 16-11-2005 - 07:42 | |
| CVE-2011-1563 | 10.0 |
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On
|
22-09-2011 - 03:30 | 05-04-2011 - 15:19 |