CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2271 matches found

Prion•added 2006/04/20 10:2 a.m.•16 views

Code injection

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6CVSS7.3AI score0.01319EPSS

Exploits0References8

exploitpack•added 2006/04/19 12:0 a.m.•20 views

otalCalendar - about.php?inc_dir Remote File Inclusion

otalCalendar - about.php?incdir Remote File Inclusion source: https://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...

0.2AI score

Exploits0

securityvulns•added 2006/04/19 12:0 a.m.•67 views

[SA19726] Internet Photoshow "page" File Inclusion Vulnerability

TITLE: Internet Photoshow "page" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19726 VERIFY ADVISORY: http://secunia.com/advisories/19726/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Internet Photoshow 1.x http://secunia.com/product/9409/ DESCRIPTION: Hessam...

0.8AI score

Exploits0

Prion•added 2006/04/18 10:2 a.m.•18 views

Directory traversal

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...

7.5CVSS7.5AI score0.0152EPSS

Exploits1References9Affected Software1

NVD•added 2006/04/18 10:2 a.m.•23 views

CVE-2006-1819

7.5CVSS7.3AI score0.0152EPSS

Exploits1References9

CVE•added 2006/04/18 10:0 a.m.•75 views

CVE-2006-1819

The CVE-2006-1819 issue affects phpWebSite prior to 0.10.2, where the hub_dir parameter in index.php is not properly validated, enabling local file inclusion via include() and possible PHP code execution. The root cause is inadequate verification of hub_dir, which can allow an attacker to referen...

7.5CVSS7.3AI score0.0152EPSS

Exploits1References9Affected Software1

Exploit DB•added 2006/04/17 12:0 a.m.•25 views

Monster Top List 1.4 - 'functions.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17546/info Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

7.4AI score

Exploits0

securityvulns•added 2006/04/15 12:0 a.m.•31 views

phpBB Admin command execution

On a phpBB board, a user having access to the admin panel is able to execute PHP code: This example will execute $usersig as PHP code: Go to Administration Panel Styles Admin Management subSilver Edit Set "Font Colour 3" to "'./" Profile Set Signature to...

0.4AI score

Exploits0

Prion•added 2006/04/13 10:2 a.m.•15 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group AZDG AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the intpath parameter in 1 vote.php, 2 view.php, 3 admin.php, and 4 admin/index.php...

10CVSS8.2AI score0.04005EPSS

Exploits0References6Affected Software1

Prion•added 2006/04/13 10:2 a.m.•18 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the themepath parameter in 1 index.php, 2 becomeeditor.php, 3 add.php, 4 badlink.php, 5 browse.php, 6 detail.php, 7 fav.php, 8 getrated.php,...

7.5CVSS8.2AI score0.09677EPSS

Exploits1References20Affected Software1

securityvulns•added 2006/04/12 12:0 a.m.•29 views

[SA19630] AzDGVote "int_path" File Inclusion Vulnerabilities

TITLE: AzDGVote "intpath" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA19630 VERIFY ADVISORY: http://secunia.com/advisories/19630/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: AzDGVote 1.x http://secunia.com/product/9312/ DESCRIPTION: SnIpErSA has discover...

0.6AI score

Exploits0

exploitpack•added 2006/04/11 12:0 a.m.•14 views

AzDGVote - Remote File Inclusion

AzDGVote - Remote File Inclusion source: https://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

Exploits0

Exploit DB•added 2006/04/11 12:0 a.m.•27 views

Indexu 5.0 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/17470/info The 'indexu' application is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remot...

7.4AI score

Exploits0

Prion•added 2006/04/07 10:4 a.m.•17 views

Code injection

Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts...

7.5CVSS7.7AI score0.00725EPSS

Exploits0References7Affected Software1

Cvelist•added 2006/04/07 10:0 a.m.•21 views

CVE-2006-1658

7.2AI score0.00725EPSS

Exploits0References7

Cvelist•added 2006/04/06 10:0 a.m.•23 views

CVE-2006-1653

PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter...

7.5AI score0.0113EPSS

Exploits1References5

CVE•added 2006/04/05 10:0 a.m.•45 views

CVE-2006-1623

Technical details for CVE-2006-1623 are not publicly available in the provided documents. The descriptions remain vague about vulnerability type, affected product, and impact. Monitor for updates from NVD/CVE records and connected sources.

4.3CVSS6.6AI score0.00483EPSS

Exploits0References5Affected Software1

Cvelist•added 2006/04/05 10:0 a.m.•24 views

CVE-2006-1623

Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...

6.6AI score0.00483EPSS

Exploits0References5

Prion•added 2006/04/02 9:4 p.m.•14 views

Code injection

Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php...

7.5CVSS7.9AI score0.012EPSS

Exploits0References6Affected Software1

Prion•added 2006/03/31 11:6 a.m.•13 views

Code injection

Direct static code injection vulnerability in config.php in vscripts aka Kuba Kunkiewicz VBook aka VBook 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other VBook scripts...

7.6CVSS8.2AI score0.00667EPSS

Exploits0References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by