CVE Daily
← All tags

Tag: PHP

All CVEs associated with "PHP". Page 291/311 • 37316 CVEs.

Subscribe CVEs: RSS for “PHP”  ·  RSS (High+Critical only)

About “PHP”

A curated feed of “PHP”-related CVEs appears below. We currently track 37316 CVEs for this tag (all time). In the last 365 days, 6066 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2006-04-03
Medium

CVE-2006-1433

Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1434

Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter).

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1435

Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Me…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1438

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) i…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1590

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1594

Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file pa…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1595

Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHt…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1596

PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.

CVSS: 7.5 CWE: N/A View on NVD
2006-04-02
Medium

CVE-2006-1575

Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-1576

Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1577

Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2)…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-1579

SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1581

Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the _path parameter.

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2006-1582

Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from t…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1583

Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-dis…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1584

Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen func…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2006-1585

Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcomme…

CVSS: 6.4 CWE: N/A View on NVD
2006-04-01
Medium

CVE-2006-1568

Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website paramet…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1569

Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1571

Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1572

SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1573

PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable).

CVSS: 7.5 CWE: N/A View on NVD
2006-03-31
Medium

CVE-2006-1553

SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1556

Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-1557

Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id paramet…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1558

Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-1559

SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details ar…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1560

Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) bro…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1561

SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote attackers to execute arbitrary SQL commands via the x parameter.

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1562

Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) au…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-1563

Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, whi…

CVSS: 7.6 CWE: N/A View on NVD
2006-03-30
Medium

CVE-2006-1532

Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword pa…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1533

SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1534

Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1535

Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1536

Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1537

Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1543

Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1544

Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza a…

CVSS: 4.3 CWE: N/A View on NVD
Critical

CVE-2006-1545

Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variab…

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2006-1503

PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in th…

CVSS: 5.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2006-1504

Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1505

base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the st…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1507

Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/log…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-1495

SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the log…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1496

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is pro…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1497

Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1499

SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable).

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1500

SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2006-1501

SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2006-03-29
Medium

CVE-2006-1492

Directory traversal vulnerability in dir.php in Explorer XP allows remote attackers to read arbitrary files via the chemin parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1493

Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is re…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1490

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the enco…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1488

ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category pa…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1477

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1478

Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to in…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1479

Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) n…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1480

Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, th…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1481

SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2006-1482

Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 4.3 CWE: N/A View on NVD
2006-03-28
Medium

CVE-2006-1430

Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID param…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1419

SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1420

SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1421

Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acnam…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1422

SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1423

SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter.

CVSS: 5.0 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2006-1425

Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1426

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) passw…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1428

Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1397

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1398

Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1399

Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the prove…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1401

Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter.…

CVSS: 4.3 CWE: N/A View on NVD
2006-03-24
High

CVE-2006-1382

PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1373

Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1374

SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1375

AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1377

Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVSS: 4.3 CWE: N/A View on NVD
2006-03-23
Critical

CVE-2006-1371

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php…

CVSS: 9.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2006-1360

Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) mes…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2006-1363

images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified i…

CVSS: 7.5 CWE: N/A View on NVD
2006-03-22
Medium

CVE-2006-1345

polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error mess…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1346

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2006-1347

SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1348

Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1349

Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top a…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1350

PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the p…

CVSS: 7.5 CWE: N/A View on NVD
2006-03-21
Medium

CVE-2006-1336

Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1339

Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a ..…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1341

SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1324

Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter w…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1326

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) fo…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1327

SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1328

SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldn…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1330

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2006-1331

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list par…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-1332

Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error mes…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2006-1334

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.

CVSS: 6.4 CWE: N/A View on NVD
2006-03-19
High

CVE-2006-1288

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1289

Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5)…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1290

Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) usernam…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1291

publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and exec…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1292

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1293

Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF).

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1294

PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter.

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2006-1276

admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2006-1277

Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login param…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-1278

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3)…

CVSS: 6.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Low

CVE-2006-1281

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability t…

CVSS: 3.5 CWE: N/A View on NVD
Medium

CVE-2006-1282

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequenc…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-1260

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1265

SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter.

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2006-1270

Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the…

CVSS: 3.5 CWE: N/A View on NVD
High

CVE-2006-1271

SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1272

Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, o…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1252

Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2006-1256

Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVSS: 2.6 CWE: N/A View on NVD
High

CVE-2006-1259

Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.

CVSS: 7.5 CWE: N/A View on NVD
2006-03-15
High

CVE-2006-1243

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1237

Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2…

CVSS: 7.5 CWE: N/A View on NVD