| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-3406 | 6.4 |
Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter.
|
18-10-2018 - 16:47 | 07-07-2006 - 00:05 | |
| CVE-2006-3363 | 5.1 |
PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3364 | 7.5 |
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Upgrade to BLOG:CMS version 4.1.0 :
http://sourceforge.net/project/showfiles.php?g
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3376 | 7.5 |
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field i
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3396 | 6.8 |
PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3369 | 5.0 |
Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3399 | 2.6 |
Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3373 | 2.1 |
Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3370 | 5.0 |
Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3421 | 5.1 |
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4)
|
18-10-2018 - 16:47 | 07-07-2006 - 00:05 | |
| CVE-2006-3405 | 5.8 |
Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.
|
18-10-2018 - 16:47 | 07-07-2006 - 00:05 | |
| CVE-2006-3367 | 5.0 |
Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3388 | 5.8 |
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. Upgrade to 2.8.2
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3371 | 5.0 |
Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3368 | 5.0 |
Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
| CVE-2006-3097 | 4.9 |
Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. This vulnerability only affects HP-UX running Support Tools Manage
|
18-10-2018 - 16:45 | 20-06-2006 - 17:02 | |
| CVE-2007-0146 | 6.0 |
Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3)
|
16-10-2018 - 16:31 | 09-01-2007 - 18:28 | |
| CVE-2007-4825 | 7.5 |
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
|
15-10-2018 - 21:38 | 12-09-2007 - 01:17 | |
| CVE-2008-3556 | 7.5 |
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: v
|
11-10-2018 - 20:48 | 08-08-2008 - 19:41 | |
| CVE-2005-3369 | 7.5 |
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
|
11-07-2017 - 01:33 | 30-10-2005 - 14:34 | |
| CVE-2010-4566 | 9.3 |
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows
|
22-09-2011 - 03:26 | 14-01-2011 - 23:00 |