Lucene search
K

2870 matches found

NVD
NVD
added 2006/12/08 1:28 a.m.12 views

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...

6.8CVSS7.3AI score0.02025EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/12/08 1:0 a.m.19 views

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...

7.3AI score0.02025EPSS
Exploits1References5
CVE
CVE
added 2006/12/03 6:0 p.m.53 views

CVE-2006-6242

CVE-2006-6242 affects Serendipity 1.0.3 and earlier. The issue is multiple directory traversal/local file inclusion (LFI) flaws triggered by an unsanitized serendipity[charset] parameter, allowing an attacker to read or include arbitrary local files. The basic entry points include include/lang.in...

6.8CVSS6.8AI score0.04516EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2006/12/03 6:0 p.m.22 views

CVE-2006-6242

Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. dot dot sequence in the serendipitycharset parameter in 1 include/lang.inc.php; or to plugins/ scripts 2...

6.8AI score0.04516EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2006/11/30 12:0 a.m.23 views

FreeBSD : kronolith -- arbitrary local file inclusion vulnerability (a8af7d70-8007-11db-b280-0008743bf21a)

iDefense Labs reports : Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server. The vulnerability specifically exists due to a design error in the way it includes...

6AI score
Exploits0References2
NVD
NVD
added 2006/11/06 6:7 p.m.17 views

CVE-2006-5733

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...

7.5CVSS7.2AI score0.02979EPSS
Exploits1References6
CVE
CVE
added 2006/11/04 1:0 a.m.33 views

CVE-2006-5716

CVE-2006-5716 affects FreeNews 2.1. A directory traversal flaw in aff_news.php allows remote attackers to include local files via a ".." sequence in the chemin parameter when aff_news is not set to "1". The vulnerability targets the file handling logic in FreeNews 2.1 and can expose local files t...

5CVSS6.8AI score0.02888EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/10/30 6:0 p.m.38 views

CVE-2006-5604

CVE-2006-5604 is a directory traversal vulnerability in phpcards.header.php of phpCards 1.3. It allows remote attackers to include and execute arbitrary local files by supplying a .. (dot dot) in the CardLanguageFile parameter. According to the NVD entry, the impact is partial confidentiality, in...

7.5CVSS7.5AI score0.02212EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2006/10/26 5:7 p.m.13 views

CVE-2006-5528

Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the mod parameter. NOTE: some of these details are obtained from third party information...

5CVSS7.1AI score0.01852EPSS
Exploits1References2
NVD
NVD
added 2006/10/26 5:7 p.m.14 views

CVE-2006-5554

Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. dot dot in the usersettings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is...

7.5CVSS7.2AI score0.02437EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/10/26 5:0 p.m.20 views

CVE-2006-5554

Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. dot dot in the usersettings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is...

7.2AI score0.02437EPSS
Exploits1References4
NVD
NVD
added 2006/10/25 10:7 p.m.16 views

CVE-2006-5510

Directory traversal vulnerability in explorerloadlang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code...

6.4CVSS6.7AI score0.02914EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/10/25 10:0 p.m.19 views

CVE-2006-5510

Directory traversal vulnerability in explorerloadlang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code...

6.7AI score0.02914EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/10/12 10:0 p.m.24 views

CVE-2006-5263

Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently...

7.2AI score0.02544EPSS
Exploits1References5
CVE
CVE
added 2006/10/12 10:0 p.m.39 views

CVE-2006-5263

The CVE-2006-5263 issue affects phpMyAgenda 3.1 and earlier, where a directory traversal vulnerability in templates/header.php3 allows remote attackers to include and execute arbitrary local files by passing a .. in the language parameter (example using an Apache log file that contains PHP code)....

7.5CVSS7.5AI score0.02544EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2006/10/03 4:3 a.m.16 views

CVE-2006-5115

Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file throug...

5.1CVSS7.3AI score0.02371EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/10/02 11:0 p.m.21 views

CVE-2006-5149

Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the page parameter to shared/help.php or 2 the tab parameter to shared/header.php...

7.3AI score0.01971EPSS
Exploits0References7
CVE
CVE
added 2006/10/02 8:0 p.m.41 views

CVE-2006-5115

CVE-2006-5115 describes a directory-traversal in the web app component kgcall.php of KGB 1.87 . An attacker can abuse the engine parameter with a ".." path to trick the app into including and executing arbitrary local files, demonstrated by uploading a PHP-coded image with an image/jpeg content t...

5.1CVSS7.7AI score0.02371EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2006/09/13 11:7 p.m.18 views

CVE-2006-4767

Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5beta allow remote attackers to 1 read arbitrary local files via a .. dot dot sequence in the ide parameter in modify.php and 2 write to arbitrary local files via a .. sequence in the var parameter in addgo.php...

6.4CVSS6.6AI score0.01531EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/09/13 11:0 p.m.22 views

CVE-2006-4767

Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5beta allow remote attackers to 1 read arbitrary local files via a .. dot dot sequence in the ide parameter in modify.php and 2 write to arbitrary local files via a .. sequence in the var parameter in addgo.php...

6.6AI score0.01531EPSS
Exploits0References5
Rows per page
Query Builder