ReportizFlow
Filtered by vendor
Subscriptions
Total
29894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5910 | 1 Campware.org | 1 Campsite | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/. | ||||
| CVE-2006-5814 | 1 Novell | 1 Edirectory | 2025-04-09 | N/A |
| Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2006-5776 | 1 Ariadne | 1 Ariadne Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file | ||||
| CVE-2006-5766 | 1 Article System | 1 Article System | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter. | ||||
| CVE-2006-5744 | 1 Mobilesecure Inc | 2 Highwall Endpoint, Highwall Enterprise | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator. | ||||
| CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2025-04-09 | N/A |
| SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie. | ||||
| CVE-2007-2973 | 1 Avira | 2 Antivir, Av Pack | 2025-04-09 | N/A |
| Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. | ||||
| CVE-2007-3024 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | N/A |
| libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | ||||
| CVE-2006-5720 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | N/A |
| SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | ||||
| CVE-2006-5719 | 1 Bytesfall Explorer | 1 Bytesfall Explorer | 2025-04-09 | N/A |
| SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606. | ||||
| CVE-2006-5680 | 1 Freebsd | 1 Freebsd | 2025-04-09 | N/A |
| The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data. | ||||
| CVE-2006-5674 | 1 Minibb | 1 Minibb | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin. | ||||
| CVE-2006-5650 | 1 Aol | 1 Icq | 2025-04-09 | N/A |
| The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | ||||
| CVE-2006-5583 | 1 Microsoft | 1 Windows 2003 Server | 2025-04-09 | N/A |
| Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." | ||||
| CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | ||||
| CVE-2006-5570 | 1 Kynoslogic | 1 Cruiseworks | 2025-04-09 | N/A |
| Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter. | ||||
| CVE-2007-3174 | 1 W2b | 1 Online Banking | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. | ||||
| CVE-2007-3394 | 1 Endonesia | 1 Endonesia | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873. | ||||
| CVE-2006-5531 | 1 Ascended Development | 1 Ascended Guestbook | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter. | ||||
| CVE-2007-3183 | 1 Vincent Hor | 1 Calendarix | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php. | ||||