Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6390 | 1 Open Solution | 1 Quick.cart | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts. | ||||
| CVE-2006-6426 | 1 Thinkedit | 1 Thinkedit | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter. | ||||
| CVE-2006-6445 | 1 Envolution | 1 Envolution | 2025-04-09 | N/A |
| Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | ||||
| CVE-2006-6453 | 1 J-owamp | 1 Web Interface | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter. | ||||
| CVE-2006-6535 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable. | ||||
| CVE-2007-0561 | 1 Xero Portal | 1 Xero Portal | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. | ||||
| CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2025-04-09 | N/A |
| CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | ||||
| CVE-2007-0568 | 1 Myphpcommander | 1 Myphpcommander | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter. | ||||
| CVE-2007-0570 | 1 Johannes Gijsbers | 1 Ad Fundum Integratable News Script | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter. | ||||
| CVE-2007-0572 | 1 Drunken Golem | 1 Gaming Portal | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-0576 | 1 Xt-stats | 1 Xt-stats | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter. | ||||
| CVE-2007-0577 | 1 Acgvclick | 1 Acgvclick | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. | ||||
| CVE-2007-0593 | 1 Siteman | 1 Siteman | 2025-04-09 | N/A |
| Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. | ||||
| CVE-2007-0595 | 1 Designmind | 1 High5 Review Script | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box). | ||||
| CVE-2007-0597 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-09 | N/A |
| Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. | ||||
| CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | ||||
| CVE-2007-1410 | 1 Gaziyapboz | 1 Game Portal | 2025-04-09 | N/A |
| SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | ||||
| CVE-2007-3189 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-3557 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | ||||