| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-5678 | 7.5 |
PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary
|
11-04-2024 - 00:41 | 03-11-2006 - 11:07 | |
| CVE-2006-3349 | 7.5 |
Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php.
|
18-10-2018 - 16:46 | 03-07-2006 - 19:05 | |
| CVE-2006-5703 | 4.3 |
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed,
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5719 | 7.5 |
SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606.
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5711 | 5.0 |
ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI.
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5707 | 7.5 |
SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5717 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5720 | 7.5 |
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5702 | 5.0 |
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.ph
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5662 | 7.5 |
SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page."
|
17-10-2018 - 21:44 | 03-11-2006 - 00:07 | |
| CVE-2006-5667 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php.
|
17-10-2018 - 21:44 | 03-11-2006 - 01:07 | |
| CVE-2007-0520 | 7.5 |
SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.
|
16-10-2018 - 16:33 | 26-01-2007 - 01:28 | |
| CVE-2007-5150 | 7.5 |
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
|
15-10-2018 - 21:40 | 01-10-2007 - 05:17 | |
| CVE-2008-3770 | 6.8 |
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_t
|
11-10-2018 - 20:49 | 22-08-2008 - 16:41 | |
| CVE-2008-3841 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.
|
11-10-2018 - 20:49 | 27-08-2008 - 20:41 | |
| CVE-2008-3769 | 6.8 |
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.
|
11-10-2018 - 20:49 | 22-08-2008 - 16:41 | |
| CVE-2011-1525 | 9.3 |
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recordi
|
09-10-2018 - 19:31 | 06-04-2011 - 16:55 | |
| CVE-2006-5724 | 2.1 |
Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry k
|
20-07-2017 - 01:33 | 04-11-2006 - 01:07 | |
| CVE-2005-3682 | 7.5 |
Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.
|
11-07-2017 - 01:33 | 18-11-2005 - 23:03 |