| Max CVSS | 9.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-4609 | 5.1 |
Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_l
|
07-08-2024 - 20:15 | 07-09-2006 - 00:04 | |
| CVE-2006-4554 | 5.1 |
Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon
|
14-02-2024 - 01:17 | 06-09-2006 - 00:04 | |
| CVE-2006-4558 | 7.5 |
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
|
26-01-2024 - 19:02 | 06-09-2006 - 00:04 | |
| CVE-2006-3238 | 7.5 |
Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.
|
18-10-2018 - 16:46 | 27-06-2006 - 10:05 | |
| CVE-2006-4605 | 7.5 |
PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2006-4608 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2006-4611 | 7.5 |
Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name. This vulnerability is addressed in the following product rel
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2006-4601 | 7.5 |
SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2006-4599 | 7.5 |
SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter.
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2006-4606 | 7.5 |
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parame
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2006-4607 | 7.5 |
admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
| CVE-2006-4553 | 6.8 |
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
17-10-2018 - 21:37 | 06-09-2006 - 00:04 | |
| CVE-2006-4543 | 6.8 |
Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in sear
|
17-10-2018 - 21:37 | 06-09-2006 - 00:04 | |
| CVE-2006-4548 | 7.5 |
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_
|
17-10-2018 - 21:37 | 06-09-2006 - 00:04 | |
| CVE-2007-0250 | 5.0 |
index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.
|
16-10-2018 - 16:32 | 16-01-2007 - 23:28 | |
| CVE-2007-0249 | 6.8 |
Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.
|
16-10-2018 - 16:32 | 16-01-2007 - 23:28 | |
| CVE-2007-4917 | 4.3 |
Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.
|
15-10-2018 - 21:38 | 17-09-2007 - 17:17 | |
| CVE-2008-3649 | 6.8 |
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter. Regarding Access Complexity:
http://secunia.com/advisories/31292:
"Input passed to t
|
29-09-2017 - 01:31 | 13-08-2008 - 00:41 | |
| CVE-2008-3670 | 6.8 |
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
|
29-09-2017 - 01:31 | 13-08-2008 - 19:41 | |
| CVE-2010-4228 | 9.0 |
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-
|
17-08-2017 - 01:33 | 22-03-2011 - 17:55 | |
| CVE-2005-3591 | 7.5 |
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineF
|
11-07-2017 - 01:33 | 16-11-2005 - 07:42 |