High
CVE-2006-0570
Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username par…
Tag: PHP
All CVEs associated with "PHP". Page 294/311 • 37316 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37316 CVEs for this tag (all time). In the last 365 days, 6066 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2006-02-07
2006-02-06
Medium
CVE-2006-0562
Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter.
High
CVE-2006-0563
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.
High
CVE-2006-0565
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
Medium
CVE-2006-0437
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smi…
Medium
CVE-2006-0438
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user…
2006-02-04
High
CVE-2006-0542
Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters.
High
CVE-2006-0545
SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter.
High
CVE-2006-0546
Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key pa…
2006-02-02
High
CVE-2006-0520
SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provena…
Medium
CVE-2006-0521
Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated…
High
CVE-2006-0523
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.
Medium
CVE-2006-0524
Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
2006-02-01
Medium
CVE-2006-0506
Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
Medium
CVE-2006-0509
Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search paramet…
Medium
CVE-2006-0499
Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of th…
High
CVE-2006-0502
PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepat…
High
CVE-2006-0497
Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors.
Medium
CVE-2006-0498
Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
High
CVE-2006-0491
SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.
High
CVE-2006-0492
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal…
Medium
CVE-2006-0495
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an…
2006-01-31
Medium
CVE-2006-0470
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, wh…
Medium
CVE-2006-0471
Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Java…
Medium
CVE-2006-0472
Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javas…
Medium
CVE-2006-0473
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javas…
Medium
CVE-2006-0475
PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.
High
CVE-2006-0478
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial annou…
Medium
CVE-2006-0479
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[…
2006-01-27
Medium
CVE-2006-0461
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
High
CVE-2006-0462
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.
Medium
CVE-2006-0463
Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news…
High
CVE-2006-0464
Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter.
Medium
CVE-2006-0465
Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter.
Medium
CVE-2006-0450
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way…
2006-01-26
Medium
CVE-2006-0442
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notep…
Medium
CVE-2006-0443
Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a…
Medium
CVE-2006-0444
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page…
Medium
CVE-2006-0445
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will displa…
Medium
CVE-2006-0434
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnera…
2006-01-25
Critical
CVE-2006-0411
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
High
CVE-2006-0413
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter.
Medium
CVE-2006-0415
Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter.
Medium
CVE-2006-0416
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php.
High
CVE-2006-0417
SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the…
High
CVE-2006-0403
Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NO…
Medium
CVE-2006-0406
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.
Medium
CVE-2006-0407
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (…
Medium
CVE-2006-0409
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
2006-01-23
Medium
CVE-2006-0378
Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom…
2006-01-22
High
CVE-2006-0358
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search…
Medium
CVE-2006-0361
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment paramete…
Medium
CVE-2006-0371
Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name an…
High
CVE-2006-0372
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_pass…
2006-01-21
High
CVE-2006-0345
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already…
Medium
CVE-2006-0346
Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handle…
High
CVE-2006-0349
SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php.
Medium
CVE-2006-0350
Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote attackers to inject arbitrary web script or HTML via the message field to topic.php.
Medium
CVE-2006-0327
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and…
Medium
CVE-2006-0333
Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php.
Medium
CVE-2006-0334
Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources cl…
2006-01-20
High
CVE-2006-0325
Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which…
2006-01-19
High
CVE-2006-0324
SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.
High
CVE-2006-0311
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Medium
CVE-2006-0312
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
High
CVE-2006-0313
Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (…
Medium
CVE-2006-0315
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks,…
Medium
CVE-2006-0317
Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, whic…
High
CVE-2006-0318
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parame…
High
CVE-2006-0320
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password para…
High
CVE-2006-0308
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL…
2006-01-18
Medium
CVE-2006-0244
Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. N…
Medium
CVE-2006-0245
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) c…
High
CVE-2006-0249
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tm…
High
CVE-2006-0235
SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.
Medium
CVE-2006-0237
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance…
High
CVE-2006-0238
SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter.
Medium
CVE-2006-0242
Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.
Medium
CVE-2006-0233
Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
High
CVE-2006-0234
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
2006-01-16
Critical
CVE-2006-0218
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php,…
High
CVE-2006-0219
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL inject…
Medium
CVE-2006-0220
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the…
Medium
CVE-2006-0222
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
Medium
CVE-2006-0215
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: t…
Medium
CVE-2006-0216
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters…
2006-01-15
High
CVE-2006-0214
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and includ…
2006-01-14
High
CVE-2006-0209
SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id par…
Medium
CVE-2006-0210
Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the L…
2006-01-13
Critical
CVE-2006-0200
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL…
Medium
CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST…
Low
CVE-2006-0202
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view…
Medium
CVE-2006-0204
Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm paramete…
Medium
CVE-2006-0205
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.ph…
High
CVE-2006-0206
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by in…
Medium
CVE-2006-0207
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/se…
Low
CVE-2006-0208
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP…
2006-01-12
High
CVE-2006-0182
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".
Medium
CVE-2006-0183
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php…
Medium
CVE-2006-0185
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an I…
2006-01-11
High
CVE-2006-0163
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by t…
High
CVE-2006-0164
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
High
CVE-2006-0169
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the up…
High
CVE-2006-0171
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might…
2006-01-10
Medium
CVE-2006-0152
Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this in…
High
CVE-2006-0154
SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter.
Medium
CVE-2006-0155
Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI.
Medium
CVE-2006-0156
Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php.
Medium
CVE-2006-0157
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_pas…
High
CVE-2006-0158
SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
High
CVE-2006-0159
SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown,…
2006-01-09
High
CVE-2006-0144
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that p…
High
CVE-2006-0146
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8…
High
CVE-2006-0147
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya,…
Medium
CVE-2006-0140
Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) ur…
Medium
CVE-2006-0142
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of…
Medium
CVE-2006-0114
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attac…
High
CVE-2006-0123
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and pos…
Medium
CVE-2006-0124
Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" fiel…
Medium
CVE-2006-0125
Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown;…