Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info | 2enetworx -- OpenForum
| Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. | | 10.0 | CVE-2007-0076 BUGTRAQ OTHER-REF
| Adobe -- Acrobat Reader Plugin
| Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | | 7.0 | CVE-2007-0044 BUGTRAQ OTHER-REF OTHER-REF
| Adobe -- Acrobat Reader Plugin
| Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | | 7.0 | CVE-2007-0046 BUGTRAQ OTHER-REF OTHER-REF
| Alan Ward -- aFAQ
| SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. | | 7.0 | CVE-2006-6831 OTHER-REF XF
| AlstraSoft -- WebHost Directory
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | | 7.0 | CVE-2006-6818 BUGTRAQ BID
| Apple -- QuickTime Player
| Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | | 7.0 | CVE-2007-0015 OTHER-REF Milw0rm BID OTHER-REF SECTRACK
| AShopSoftware -- AShop Deluxe AShopSoftware -- AShop Administration Panel
| Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php. | | 7.0 | CVE-2007-0056 BUGTRAQ BID
| ASP Siteware -- autoDealer
| SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | | 7.0 | CVE-2007-0053 OTHER-REF BID FRSIRT SECUNIA
| ASPBB -- ASPBB
| AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. | | 10.0 | CVE-2007-0075 BUGTRAQ OTHER-REF
| ASPTicker -- ASPTicker
| SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | | 7.0 | CVE-2006-6848 OTHER-REF BID
| Atmel -- Linux PCI PCMCIA USB Drivers
| Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument. | | 7.0 | CVE-2006-6881 BUGTRAQ
| Belchior Foundry -- vCard PRO
| Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | | 7.0 | CVE-2007-0054 BUGTRAQ BID
| Cafelog -- B2 Blog
| PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. | | 7.0 | CVE-2006-6830 OTHER-REF BID XF
| Cahier de textes -- Cahier de textes
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | | 7.0 | CVE-2006-6849 BUGTRAQ OTHER-REF
| Carbon Communities -- Carbon Communities
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | | 7.0 | CVE-2007-0096 OTHER-REF FRSIRT
| Cisco -- Clean Access
| Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. | | 10.0 | CVE-2007-0057 CISCO FRSIRT
| CMS Made Simple -- CMS Made Simple
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | | 7.0 | CVE-2006-6844 BUGTRAQ OTHER-REF SECTRACK
| CMS Made Simple -- CMS Made Simple
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | | 7.0 | CVE-2006-6845 BUGTRAQ BID FRSIRT SECUNIA
| CMS-Center -- Simple Web CMS
| SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0093 BUGTRAQ OTHER-REF
| CodeMonkeyX -- Acronym Mod
| SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2006-6842 OTHER-REF BID XF
| ConeXware -- PowerArchiver 2006
| Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. | | 8.0 | CVE-2007-0097 FULLDISC OTHER-REF FRSIRT SECUNIA
| Cybercoded -- WYWO - InOut Board
| Multiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp. | | 7.0 | CVE-2006-6846 OTHER-REF BID
| De Marchi Daniele -- QuickCam
| The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object. | | 7.0 | CVE-2006-6854 BUGTRAQ BID
| DMXReady -- DMXReady Secure Login Manager
| Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo. | | 7.0 | CVE-2006-6816 BUGTRAQ BID XF
| E-Smart Cart -- E-Smart Cart
| SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | | 7.0 | CVE-2007-0092 OTHER-REF SECUNIA
| Efkan Forum -- Efkan Forum
| Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794. | | 7.0 | CVE-2006-6828 FRSIRT
| eNdonesia -- eNdonesia
| Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php. | | 7.0 | CVE-2006-6871 OTHER-REF BID FRSIRT SECUNIA
| eNdonesia -- eNdonesia
| Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation. | | 7.0 | CVE-2006-6873 OTHER-REF BID FRSIRT SECUNIA
| eNdonesia -- eNdonesia
| Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2006-6874 SECUNIA
| Enigma -- WordPress Bridge
| ** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value. | | 10.0 | CVE-2006-6863 BUGTRAQ OTHER-REF VIM BID SECTRACK
| Enigma2 -- Coppermine Bridge
| PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. | | 10.0 | CVE-2006-6864 BUGTRAQ OTHER-REF VIM BID SECTRACK
| Fermentigrafici -- WineGlass
| WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. | | 7.0 | CVE-2007-0090 BUGTRAQ OTHER-REF
| FreeRadius -- 1.1.3
| Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party, who states that the server parameter can only be exploited via the FreeRADIUS configuration file. | | 7.0 | CVE-2007-0080 BUGTRAQ BUGTRAQ
| FreeStyle -- FreeStyle Wiki
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. | | 7.0 | CVE-2006-6889 OTHER-REF XF
| Geckovich -- TaskTracker Pro Geckovich -- TaskTracker
| Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | | 7.0 | CVE-2007-0049 OTHER-REF BID SECUNIA
| IBM -- OS/400
| Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing. | | 7.0 | CVE-2006-6836 AIXAPAR OTHER-REF BID SECUNIA
| Iconics -- Dialog Wrapper Module ActiveX Control
| Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. | | 7.0 | CVE-2006-6488 CERT-VN FRSIRT SECUNIA
| IMGallery -- IMGallery
| users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | | 7.0 | CVE-2007-0082 OTHER-REF BID FRSIRT XF
| JGBBS -- JGBBS
| jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb. | | 7.0 | CVE-2007-0089 BUGTRAQ OTHER-REF
| Joomla! -- Joomla!
| Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. | | 7.0 | CVE-2006-6832 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA
| Joomla! -- Joomla!
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | | 7.0 | CVE-2006-6833 OTHER-REF OTHER-REF BID FRSIRT SECUNIA
| Joomla! -- BE IT EasyPartner component
| PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2006-6843 BID
| Katy Whitton Web Development -- newsCMSlite
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | | 7.0 | CVE-2007-0091 OTHER-REF XF
| KDE -- KsIRC
| Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute arbitrary code via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server. | | 7.0 | CVE-2006-6811 OTHER-REF BID OTHER-REF FRSIRT SECTRACK XF
| MAXdev -- MDForum
| Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | | 8.0 | CVE-2006-6869 OTHER-REF BID FRSIRT
| Mozilla -- Durian Web Application Server
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. | | 10.0 | CVE-2006-6853 OTHER-REF OTHER-REF BID XF
| MXmania -- MXmania File Upload Manager
| SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | | 7.0 | CVE-2006-6813 OTHER-REF BID FRSIRT SECUNIA
| MXmania -- Calendar MX BASIC
| Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2006-6825 FRSIRT
| myPHPCalendar -- myPHPCalendar
| Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. | | 7.0 | CVE-2006-6812 OTHER-REF BID
| MythControl -- MythControl
| Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information. | | 10.0 | CVE-2006-6860 BUGTRAQ BID SECTRACK
| Neocrome -- Land Down Under
| SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. | | 7.0 | CVE-2006-6835 BUGTRAQ XF
| Netfarer.com -- MoviePlay
| Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-0016 BID SECUNIA
| OpenMedia -- OpenMedia
| Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php. | | 8.0 | CVE-2007-0088 BUGTRAQ
| OpenPinboard -- OpenPinboard
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by a third party, who states that the vulnerable is set before use. | | 7.0 | CVE-2007-0050 BUGTRAQ BUGTRAQ
| OpenSER -- OpenSER OSP Module OpenSER -- OpenSER
| Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. | | 7.0 | CVE-2006-6875 BUGTRAQ BID
| OpenSER -- OpenSER
| The fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.1.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. | | 7.0 | CVE-2006-6876 BUGTRAQ BID
| Outfront -- Spooky Login
| Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp. | | 10.0 | CVE-2006-6861 BUGTRAQ BID
| Outfront -- Spooky Login
| Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp. | | 7.0 | CVE-2006-6862 BUGTRAQ BID
| Personal .NET Portal -- Personal .NET Portal
| Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak." | | 7.0 | CVE-2006-6826 OTHER-REF FRSIRT XF
| PHP iCalendar -- PHP iCalendar
| Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2006-6824 OTHER-REF BID SECTRACK SECUNIA
| PHP-Update -- PHP-Update
| admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. | | 7.0 | CVE-2006-6878 OTHER-REF BID SECUNIA
| PHP-Update -- PHP-Update
| Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | | 7.0 | CVE-2006-6880 OTHER-REF BID SECUNIA
| phpBB Group -- phpBB
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | | 7.0 | CVE-2006-6839 OTHER-REF BID
| phpBB Group -- phpBB
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | | 7.0 | CVE-2006-6840 OTHER-REF BID
| phpBB Group -- phpBB
| Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | | 7.0 | CVE-2006-6841 OTHER-REF BID
| PHPIrc_bot -- PHPIrc_bot
| ** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used. | | 7.0 | CVE-2006-6883 BUGTRAQ MLIST
| Red Hat -- Red Hat Enterprise Linux AS OpenOffice -- OpenOffice Red Hat -- Red Hat Enterprise Linux ES Red Hat -- Red Hat Enterprise Linux WS Red Hat -- Red Hat Desktop
| Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and possibly other versions, allow remote user-assisted attackers to execute arbitrary code via a crafted WMF file. | | 8.0 | CVE-2006-5870 OTHER-REF REDHAT
| Rediff -- Bol Downloader ActiveX (OCX) control
| Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. | | 7.0 | CVE-2006-6838 BUGTRAQ OTHER-REF BID
| Shadowed Works -- Shadowed Portal
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | | 7.0 | CVE-2006-6850 OTHER-REF OTHER-REF FRSIRT XF
| Sven Moderow -- GuestBook
| Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/. | | 7.0 | CVE-2007-0094 BUGTRAQ OTHER-REF
| tDiary -- tDiary
| Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information. | | 10.0 | CVE-2006-6852 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA
| The Address Book -- The Address Book
| Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php. | | 7.0 | CVE-2006-4575 OTHER-REF SECUNIA
| The Address Book -- The Address Book
| Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php. | | 7.0 | CVE-2006-4577 OTHER-REF SECUNIA
| The Address Book -- The Address Book
| export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information. | | 7.0 | CVE-2006-4578 OTHER-REF SECUNIA
| The Address Book -- The Address Book
| register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". | | 7.0 | CVE-2006-4580 OTHER-REF SECUNIA
| VerliAdmin -- VerliAdmin
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | | 7.0 | CVE-2007-0098 OTHER-REF FRSIRT
| Vizayn Haber -- Vizayn Haber
| SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0052 OTHER-REF BID FRSIRT SECUNIA
| Vladimir Menshakov -- buratinable templator
| Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter. | | 7.0 | CVE-2006-6809 OTHER-REF BID FRSIRT XF
| Vladimir Meshakov -- Bubla
| Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. | | 7.0 | CVE-2006-6867 OTHER-REF BID FRSIRT SECUNIA XF
| Voc-Project -- Voodoo Chat
| Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat. | | 7.0 | CVE-2006-6890 OTHER-REF XF
| Website Designs for Less -- Click N' Print Coupons
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | | 10.0 | CVE-2006-6859 OTHER-REF BID FRSIRT SECUNIA
| WebText -- WebText
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | | 7.0 | CVE-2006-6856 OTHER-REF BID FRSIRT SECUNIA
| Yrch! -- Yrch!
| PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | | 7.0 | CVE-2006-6823 OTHER-REF BID FRSIRT XF
| Zen Cart -- Web Shopping Cart
| Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 7.0 | CVE-2006-6868 OTHER-REF BID SECUNIA
|