| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Abarcar Software -- Abarcar Realty Portal | SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 4.7 | CVE-2006-2853 OTHER-REF BID OTHER-REF FRSIRT SECUNIA |
| ALWIL -- Avast! Antivirus | Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | 4.9 | CVE-2006-2869 OTHER-REF BID FRSIRT SECUNIA |
| Andrew Godwin -- ByteHoard | PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. | 4.7 | CVE-2006-2849 OTHER-REF SECUNIA BUGTRAQ BID FRSIRT SECTRACK OSVDB |
| Apache Software Foundation -- SpamAssassin | SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | 5.6 | CVE-2006-2447 OTHER-REF DEBIAN REDHAT BID FRSIRT SECUNIA SECUNIA BUGTRAQ SECUNIA |
| Arabless -- SaphpLesson | SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php. | 4.9 | CVE-2006-2835 BUGTRAQ |
| ASPScriptz -- ASPScriptz Guest Book | Multiple cross-site scripting (XSS) vulnerabilities in submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields. | 4.7 | CVE-2006-2882 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| BlueShoes -- BlueShoes Framework | Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php. | 5.6 | CVE-2006-2864 Milw0rm BID FRSIRT SECUNIA |
| Claroline -- Claroline | Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. | 5.6 | CVE-2006-2868 OTHER-REF FRSIRT SECUNIA BID |
| CMPro Team -- Clan Manager Pro | PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. | 5.6 | CVE-2006-2921 OTHER-REF FRSIRT SECUNIA |
| CMS-Bandits -- CMS-Bandits | Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php. | 5.6 | CVE-2006-2928 BUGTRAQ FRSIRT SECUNIA |
| CS-Cart -- CS-Cart | PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. | 5.6 | CVE-2006-2863 Milw0rm BID FRSIRT SECUNIA |
| Dotclear -- Dotclear | PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via an FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5. | 5.6 | CVE-2006-2866 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| Dotproject -- Dotproject | Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | 4.7 | CVE-2006-2851 OTHER-REF OTHER-REF FRSIRT SECUNIA BID |
| dotWidget -- dotWidget CMS | PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php. | 4.7 | CVE-2006-2852 BUGTRAQ OTHER-REF BID SECUNIA FRSIRT SECTRACK |
| ESTsoft -- InternetDISK | Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | 4.2 | CVE-2006-2899 BUGTRAQ BID |
| F-Secure -- Anti-Virus; F-Secure -- Internet Gatekeeper | Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. | 4.7 | CVE-2006-2838 OTHER-REF FRSIRT SECUNIA SECTRACK SECTRACK |
| Full Revolution -- aspWebLinks | SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. | 4.7 | CVE-2006-2847 BUGTRAQ OTHER-REF SECUNIA BID FRSIRT |
| iBWd -- iBWd Guestbook | SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | 4.7 | CVE-2006-2854 OTHER-REF BID FRSIRT SECUNIA |
| KKE Info Media -- Kmita FAQ | Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.7 | CVE-2006-2883 BUGTRAQ BID SECUNIA FRSIRT |
| KKE Info Media -- Kmita FAQ | SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 4.7 | CVE-2006-2884 BUGTRAQ BID SECUNIA FRSIRT |
| knowledgetree -- knowledgetree | Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. | 4.7 | CVE-2006-2885 OTHER-REF FRSIRT SECUNIA BID |
| Lifetype -- Lifetype | SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php). | 4.7 | CVE-2006-2857 BUGTRAQ OTHER-REF BID SECUNIA FRSIRT |
| Locazo! -- LocazoList Classifieds | SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | 4.7 | CVE-2006-2858 BUGTRAQ BID BUGTRAQ FRSIRT SECTRACK SECUNIA |
| Miraks -- MiraksGalerie | Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php. | 5.6 | CVE-2006-2922 BUGTRAQ SECUNIA |
| myWebland -- myBloggie | ** DISPUTED ** PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution. | 4.7 | CVE-2006-2859 BUGTRAQ BUGTRAQ BID BUGTRAQ |
| Ottoman -- Ottoman | PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php. | 5.6 | CVE-2006-2767 OTHER-REF BID FRSIRT SECUNIA OSVDB OSVDB |
| Particle Soft -- Particle Wiki | SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 4.7 | CVE-2006-2861 OTHER-REF FRSIRT SECUNIA BID |
| Particle Soft -- Particle Gallery | SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter. | 4.7 | CVE-2006-2862 OTHER-REF FRSIRT SECUNIA BID |
| PHP Labware -- LabWiki | Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | 4.7 | CVE-2006-2850 OTHER-REF FRSIRT SECUNIA BID |
| Pineapple Technologies -- Lore | SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | 4.9 | CVE-2006-2836 OTHER-REF FRSIRT SECUNIA |
| Pixelpost -- Pixelpost | Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | 5.6 | CVE-2006-2889 BUGTRAQ OTHER-REF BID SECTRACK |
| Pixelpost -- Pixelpost | Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | 5.6 | CVE-2006-2890 BUGTRAQ OTHER-REF BID SECTRACK |
| Redaxo -- Redaxo | PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. | 4.7 | CVE-2006-2843 BUGTRAQ OTHER-REF SECUNIA FRSIRT SECTRACK |
| Redaxo -- Redaxo | Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. | 4.7 | CVE-2006-2844 BUGTRAQ OTHER-REF SECUNIA FRSIRT SECTRACK |
| Redaxo -- Redaxo | PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. | 4.7 | CVE-2006-2845 BUGTRAQ OTHER-REF SECUNIA FRSIRT SECTRACK |
| Sun -- Sun Grid Engine; Sun -- Sun N1 Grid Engine | Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | 4.9 | CVE-2006-2930 SUNALERT FRSIRT SECUNIA |
| VisionGate -- VisionGate Portal System | Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 4.7 | CVE-2006-2846 BID |
| Webspot -- WebspotBlogging | PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php. | 4.7 | CVE-2006-2860 OTHER-REF BID SECUNIA FRSIRT |
| xueBook -- xueBook | SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter. | 4.7 | CVE-2006-2855 OTHER-REF BID FRSIRT SECUNIA |