Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2006-4020 | 4.6 |
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a bu
|
14-02-2024 - 01:17 | 08-08-2006 - 20:04 | |
CVE-2005-3389 | 5.0 |
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting,
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2006-3449 | 7.5 |
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue
|
18-10-2018 - 16:47 | 09-08-2006 - 00:04 | |
CVE-2006-3451 | 7.5 |
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via uns
|
18-10-2018 - 16:47 | 08-08-2006 - 23:04 | |
CVE-2006-3114 | 4.6 |
PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands.
|
18-10-2018 - 16:45 | 08-08-2006 - 22:04 | |
CVE-2006-2915 | 5.1 |
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.
|
18-10-2018 - 16:43 | 23-06-2006 - 20:06 | |
CVE-2006-2914 | 5.1 |
PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postrep
|
18-10-2018 - 16:43 | 23-06-2006 - 19:06 | |
CVE-2006-4029 | 7.5 |
Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. This vulnerability is addressed in the following product release:
AGEphone 1.40
|
17-10-2018 - 21:33 | 09-08-2006 - 20:04 | |
CVE-2006-4042 | 7.5 |
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
|
17-10-2018 - 21:33 | 09-08-2006 - 23:04 | |
CVE-2006-4046 | 7.5 |
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a
|
17-10-2018 - 21:33 | 09-08-2006 - 23:04 | |
CVE-2006-4043 | 5.0 |
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
|
17-10-2018 - 21:33 | 09-08-2006 - 23:04 | |
CVE-2006-4036 | 7.5 |
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
17-10-2018 - 21:33 | 09-08-2006 - 22:04 | |
CVE-2006-4026 | 7.5 |
PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/ex
|
17-10-2018 - 21:32 | 09-08-2006 - 00:04 | |
CVE-2006-4025 | 7.5 |
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
|
17-10-2018 - 21:32 | 09-08-2006 - 00:04 | |
CVE-2007-0167 | 7.5 |
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) c
|
16-10-2018 - 16:31 | 10-01-2007 - 01:28 | |
CVE-2007-4889 | 6.8 |
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
|
15-10-2018 - 21:38 | 14-09-2007 - 01:17 | |
CVE-2008-3587 | 4.3 |
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
|
11-10-2018 - 20:48 | 11-08-2008 - 23:41 | |
CVE-2011-0406 | 10.0 |
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.
|
17-08-2017 - 01:33 | 11-01-2011 - 03:00 |