| Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-5776 | 7.5 |
Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation i
|
07-08-2024 - 20:15 | 07-11-2006 - 00:07 | |
| CVE-2006-5761 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter.
|
14-02-2024 - 01:17 | 06-11-2006 - 23:07 | |
| CVE-2006-5765 | 7.5 |
SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
14-02-2024 - 01:17 | 06-11-2006 - 23:07 | |
| CVE-2006-5759 | 5.0 |
index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message.
|
14-02-2024 - 01:17 | 06-11-2006 - 22:07 | |
| CVE-2007-0519 | 3.5 |
Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.
|
29-04-2021 - 15:15 | 26-01-2007 - 01:28 | |
| CVE-2007-5156 | 7.5 |
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary P
|
14-10-2020 - 13:19 | 01-10-2007 - 05:17 | |
| CVE-2006-3346 | 7.5 |
SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter.
|
18-10-2018 - 16:46 | 03-07-2006 - 19:05 | |
| CVE-2006-5784 | 4.6 |
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: th
|
17-10-2018 - 21:45 | 07-11-2006 - 23:07 | |
| CVE-2006-5785 | 5.0 |
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
|
17-10-2018 - 21:45 | 07-11-2006 - 23:07 | |
| CVE-2006-5677 | 7.2 |
resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jo
|
17-10-2018 - 21:44 | 03-11-2006 - 11:07 | |
| CVE-2006-5735 | 7.5 |
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language val
|
17-10-2018 - 21:44 | 06-11-2006 - 18:07 | |
| CVE-2006-5716 | 5.0 |
Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to "1."
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5721 | 4.9 |
The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation.
|
17-10-2018 - 21:44 | 04-11-2006 - 01:07 | |
| CVE-2006-5736 | 5.1 |
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. Succe
|
17-10-2018 - 21:44 | 06-11-2006 - 18:07 | |
| CVE-2006-5734 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2
|
17-10-2018 - 21:44 | 06-11-2006 - 18:07 | |
| CVE-2008-3773 | 4.3 |
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (ak
|
08-08-2017 - 01:32 | 22-08-2008 - 16:41 | |
| CVE-2006-5651 | 5.0 |
list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message.
|
20-07-2017 - 01:33 | 07-11-2006 - 20:07 | |
| CVE-2005-3790 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
|
18-10-2016 - 03:37 | 24-11-2005 - 11:03 | |
| CVE-2011-1568 | 10.0 |
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service
|
22-09-2011 - 03:30 | 05-04-2011 - 15:19 |