CVE-2005-1996
The CVE-2005-1996 entry describes a PHP remote file inclusion vulnerability in Bitrix Site Manager 4.0.x, specifically in start.php, allowing remote code execution via the _SERVER[DOCUMENT_ROOT] parameter. The vulnerability targets the start.php component and is triggered by manipulating the DOCU...
CVE-2006-2476
CVE-2006-2476 affects Bitrix Site Manager 4.1.x where updater.log is stored in the web document root with insufficient access control, enabling remote attackers to obtain sensitive information. Root cause: improper access restrictions on updater.log. Impact is information disclosure of potentiall...
CVE-2005-1995
Bitrix Site Manager 4.0.x is affected by an information disclosure vulnerability. The issue occurs when remote attackers request one of two PHP scripts (subscr_form.php or dbquery_error.php) and trigger an error message that reveals the installation path, exposing sensitive information. The vulne...
CVE-2006-2478
Bitrix Site Manager 4.1.x is affected by CVE-2006-2478: remote attackers can redirect users to other websites by supplying a modified back_url in an HTTP POST request. The root cause and impact are limited to redirects as described; exploitation details or in-the-wild status are not provided in th...
CVE-2006-2477
CVE-2006-2477 is an XSS vulnerability affecting the administrative interface of Bitrix Site Manager 4.1.x. It allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. The CVSS v2 base score is 4.9 (Medium) with network attack vector, requiring authentication (single)...
CVE-2006-2479
Technical details about CVE-2006-2479 are not publicly provided in the supplied documents. Monitor for updates; current records summarize the issue at a high level without specifics on affected versions, vectors, or mitigations.