Total: 29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7013 | 1 Simple Machines | 1 Simple Machines Forum | 2024-08-07 | 7.5 HIGH | N/A |
| QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue | |||||
| CVE-2006-6541 | 1 Php | 1 Animated Smiley Generator | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit." | |||||
| CVE-2006-6550 | 1 Phorum | 1 Phorum | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use | |||||
| CVE-2006-6883 | 1 Phpirc Bot | 1 Phpirc Bot | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used | |||||
| CVE-2006-6167 | 1 Active Php Bookmarks | 1 Active Php Bookmarks | 2024-08-07 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables | |||||
| CVE-2006-6308 | 1 Symantec | 1 Livestate Agent For Windows | 2024-08-07 | 4.3 MEDIUM | N/A |
| Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and opening "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability | |||||
| CVE-2006-7006 | 1 Robin De Graff | 1 Somery | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals | |||||
| CVE-2006-6415 | 1 Phpadsnew | 1 Phpadsnew | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/lib-maintenance.inc.php in phpAdsNew 2.0.4-pr2 allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter, a different component than CVE-2006-3984. NOTE: this issue is disputed by CVE, since phpAds_path is used as a constant | |||||
| CVE-2006-7120 | 1 Osu Open Source Lab | 1 Maintain | 2024-08-07 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php | |||||
| CVE-2006-6549 | 1 Rad Inks | 1 Rad Upload | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below." | |||||
| CVE-2006-7141 | 1 Oracle | 1 Database Server | 2024-08-07 | 6.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability | |||||
| CVE-2024-41828 | 1 Jetbrains | 1 Teamcity | 2024-08-07 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | |||||
| CVE-2006-4562 | 1 Symantec | 1 Gateway Security | 2024-08-07 | 5.0 MEDIUM | N/A |
| The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface | |||||
| CVE-2006-5097 | 1 Net2ftp | 1 Net2ftp | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability." | |||||
| CVE-2006-5549 | 1 Adobe | 1 Adobe Php Ria Sdk | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant | |||||
| CVE-2006-5234 | 1 Phpwebsite | 1 Phpwebsite | 2024-08-07 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable | |||||
| CVE-2006-5899 | 1 Acid Stats | 1 Acid Stats | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack | |||||
| CVE-2006-5095 | 1 Myphotos | 1 Myphotos | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions | |||||
| CVE-2006-4609 | 1 Phpprojekt | 1 Phpprojekt | 2024-08-07 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used | |||||
| CVE-2006-5920 | 1 Yuuki Yoshizawa | 1 Exporia | 2024-08-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113 | |||||
