Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info
| AFGB -- AFGB Guestbook
| Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the Htmls parameter in (1) add.php, (2) admin.php, (3) look.php, or (4) re.php. | | 7.0 | CVE-2006-5307 Milw0rm BID SECUNIA XF
| Alex -- DownloadEngine
| PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | | 7.0 | CVE-2006-5291 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF
| Apple -- Xcode Tools Openbase International Ltd -- OpenBase
| Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. | | 7.0 | CVE-2006-5327 OTHER-REF OTHER-REF BID SECUNIA FRSIRT FRSIRT SECUNIA
| Apple -- Xcode Tools Openbase International Ltd -- OpenBase
| OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. | | 7.0 | CVE-2006-5328 OTHER-REF OTHER-REF BID SECUNIA
| AROUNDMe -- AROUNDMe
| PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter. | | 7.0 | CVE-2006-5401 OTHER-REF BID XF
| Barry Nauta -- BRIM
| Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/. | | 7.0 | CVE-2006-5429 OTHER-REF BID FRSIRT SECUNIA XF
| Buzlas -- Buzlas
| PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5311 BUGTRAQ BID
| CDS Software Consortium -- CDS Agenda
| PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter. | | 7.0 | CVE-2006-5384 OTHER-REF BID FRSIRT SECUNIA XF
| Cerberus -- Helpdesk
| rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. | | 7.0 | CVE-2006-5428 OTHER-REF BID FRSIRT SECUNIA
| Clam Anti-Virus -- ClamAV
| Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. | | 7.0 | CVE-2006-4182 IDEFENSE BID FRSIRT SECUNIA
| Contenido -- Contenido
| ** DISPUTED ** Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value. | | 7.0 | CVE-2006-5380 BUGTRAQ MLIST XF
| Def-Blog -- Def-Blog
| SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | | 7.0 | CVE-2006-5383 OTHER-REF BID FRSIRT SECUNIA XF
| Dimitri Seitz -- Security Suite IP Logger
| Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz Security Suite IP Logger in dwingmods for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) mkb.php, (2) iplogger.php, (3) admin_board2.php, or (4) admin_logger.php in includes/, different vectors than CVE-2006-5224. | | 7.0 | CVE-2006-5325 BUGTRAQ
| Exhibit Engine -- Exhibit Engine
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | | 7.0 | CVE-2006-5292 OTHER-REF BID XF
| Highwall -- Highwall Endpoint Highwall -- Highwall Enterprise
| Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | | 7.0 | CVE-2006-5409 BUGTRAQ BID
| IBM -- Websphere Application Server
| The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. | | 7.0 | CVE-2006-5324 OTHER-REF OTHER-REF AIXAPAR FRSIRT SECUNIA
| IncCMS Technology -- IncCMS Core
| PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | | 7.0 | CVE-2006-5304 OTHER-REF OTHER-REF BID SECUNIA
| jhjgubbels -- eboli
| PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter. | | 7.0 | CVE-2006-5317 BUGTRAQ ACID-ROOT Milw0rm BID
| Justin White -- FreeWPS
| Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs. | | 7.0 | CVE-2006-5411 BUGTRAQ BID SECUNIA XF
| KDE -- kdelibs
| Integer overflow in Qt, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | | 8.0 | CVE-2006-4811 REDHAT OTHER-REF
| LoCal Calendar System -- LoCal Calendar System
| PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter. | | 7.0 | CVE-2006-5426 OTHER-REF BID FRSIRT SECUNIA
| Lodel -- Lodel CMS
| PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | | 7.0 | CVE-2006-5422 BUGTRAQ BID FRSIRT SECUNIA XF
| Lou Portail -- Lou Portail
| PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 7.0 | CVE-2006-5423 BID FRSIRT SECUNIA
| Microsoft -- Class Package Export Tool
| Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 7.0 | CVE-2006-5395 BID
| Minichat -- Minichat
| PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter. | | 7.0 | CVE-2006-5283 Milw0rm FRSIRT SECUNIA XF
| navyism -- n@board
| PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter. | | 7.0 | CVE-2006-5281 Milw0rm FRSIRT SECUNIA XF
| Nayco -- JASmine
| PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter. | | 7.0 | CVE-2006-5318 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF FRSIRT
| News Defilante Horizontale -- News Defilante Horizontale
| PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5415 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
| NuralStorm -- NuralStorm Webmail
| PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULT_SKIN parameter. | | 7.0 | CVE-2006-5386 OTHER-REF FRSIRT SECUNIA XF
| Nvidia -- Binary Graphics Driver
| The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations. | | 7.0 | CVE-2006-5379 BUGTRAQ OTHER-REF OTHER-REF CERT-VN FRSIRT SECTRACK SECUNIA
| Open Conference Systems -- Open Conference Systems
| Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php. | | 7.0 | CVE-2006-5308 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF SECUNIA XF BID FRSIRT SECTRACK
| OpenDock -- FullCore
| Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts. | | 7.0 | CVE-2006-5392 OTHER-REF BID FRSIRT XF
| Oracle -- Oracle HTTP Server
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS04. | | 7.0 | CVE-2006-5347 ORACLE BID FRSIRT
| Oracle -- Oracle E-Business Suite and Applications Oracle -- Oracle Collaboration Suite Oracle -- Oracle HTTP Server
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05. | | 7.0 | CVE-2006-5348 ORACLE BID FRSIRT
| Oracle -- Oracle HTTP Server
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07. | | 7.0 | CVE-2006-5349 OTHER-REF BID FRSIRT
| Oracle -- Application Express
| Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. | | 7.0 | CVE-2006-5351 OTHER-REF BID FRSIRT
| Oracle -- Application Express
| Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21. | | 7.0 | CVE-2006-5352 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- Oracle Collaboration Suite
| Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01. | | 7.0 | CVE-2006-5353 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- Oracle Collaboration Suite Oracle -- Oracle HTTP Server Oracle -- E-Business Suite
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, Oracle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06. | | 7.0 | CVE-2006-5354 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- Oracle Collaboration Suite Oracle -- E-Business Suite
| Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# SSO01. | | 7.0 | CVE-2006-5355 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- Oracle Collaboration Suite
| Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, and Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J02. | | 7.0 | CVE-2006-5356 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g
| Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03. | | 7.0 | CVE-2006-5357 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g
| Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01. | | 7.0 | CVE-2006-5358 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- E-Business Suite
| Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. | | 7.0 | CVE-2006-5359 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g
| Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka Vuln# FORM03. | | 7.0 | CVE-2006-5360 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- Oracle Collaboration Suite
| Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03. | | 7.0 | CVE-2006-5361 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g
| Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote attack vectors, aka Vuln# OC4J04. | | 7.0 | CVE-2006-5362 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- Oracle Collaboration Suite
| Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02. | | 7.0 | CVE-2006-5363 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- Oracle Collaboration Suite
| Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.1 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote authenticated attack vectors, aka Vuln# OC4J05. | | 7.0 | CVE-2006-5364 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g Oracle -- E-Business Suite
| Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln# FORM02. | | 7.0 | CVE-2006-5365 OTHER-REF BID FRSIRT
| Oracle -- Application Server 10g
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1) Oracle Containers for J2EE, aka Vuln# OC4J01, and (2) Oracle Process Mgmt & Notification, aka OPMN01. | | 7.0 | CVE-2006-5366 OTHER-REF BID FRSIRT
| Oracle -- E-Business Suite
| Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01. | | 7.0 | CVE-2006-5368 OTHER-REF BID FRSIRT
| Oracle -- E-Business Suite
| Unspecified vulnerability in Oracle Application Object Library in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS02. | | 7.0 | CVE-2006-5369 OTHER-REF BID FRSIRT
| Oracle -- E-Business Suite
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS06 for Oracle CRM Gateway for Mobile Devices and (2) APPS08 for Oracle iStore. | | 7.0 | CVE-2006-5370 OTHER-REF BID FRSIRT
| Oracle -- Pharmaceutical Applications
| Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01. | | 7.0 | CVE-2006-5374 OTHER-REF BID FRSIRT
| Oracle -- Oracle PeopleSoft Enterprise
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03. | | 7.0 | CVE-2006-5375 OTHER-REF BID FRSIRT
| osTicket -- osTicket
| PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | | 7.0 | CVE-2006-5407 BUGTRAQ XF
| phpBB -- Journals System module
| Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php. | | 7.0 | CVE-2006-5306 BUGTRAQ Milw0rm BID FRSIRT SECTRACK SECUNIA XF
| phpBB -- Prillian French
| PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5309 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF
| phpBB -- Ajax Shoutbox
| PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5312 Milw0rm XF
| phpBB -- ACP User Registration Module
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5390 Milw0rm OTHER-REF BID SECUNIA XF
| phpBB -- SearchIndexer
| PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5418 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
| phpBB PlusXL -- PlusXL
| PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5387 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
| phpBB Prillian -- French Language Pack
| PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 7.0 | CVE-2006-5326 FRSIRT SECUNIA
| phpLibre -- TribunaLibre
| PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3.12 Beta allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter. | | 7.0 | CVE-2006-5314 BUGTRAQ ACID-ROOT Milw0rm XF
| phpLibre -- RegistroTL
| PHP remote file inclusion vulnerability in main.php in registroTL allows remote attackers to execute arbitrary PHP code via an ftp:// URL in the page parameter. | | 7.0 | CVE-2006-5315 BUGTRAQ ACID-ROOT Milw0rm BID XF
| PHPmybibli -- PHPmybibli
| Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files. | | 7.0 | CVE-2006-5402 BUGTRAQ OTHER-REF BID
| phpMyConferences -- phpMyConferences
| PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in phpMyConferences (phpMyConference) 8.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | | 7.0 | CVE-2006-5310 BUGTRAQ Milw0rm XF FRSIRT SECUNIA
| PhpOutsourcing -- Noah's Classifieds
| Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter. | | 7.0 | CVE-2006-5293 BUGTRAQ OTHER-REF BID XF
| PHPOutsourcing -- Zorum
| PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter. | | 7.0 | CVE-2006-5431 BUGTRAQ BID XF
| PHPRecipeBook -- PHPRecipeBook
| PHP remote file inclusion vulnerability in classes/Import_MM.class.php in PHPRecipeBook 2.36, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the g_rb_basedir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 7.0 | CVE-2006-5399 FRSIRT SECUNIA
| Redaction System -- Redaction System
| Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/conn.php, or (d) wap/sesscheck.php, or the (2) lang parameter to (e) index.php. | | 7.0 | CVE-2006-5302 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
| SH-News -- SH-News
| Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php. | | 7.0 | CVE-2006-5282 Milw0rm BID FRSIRT SECUNIA XF
| Simplog -- Simplog
| SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | | 7.0 | CVE-2006-5398 OTHER-REF BID XF
| SpamOborona -- SpamOborona
| PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2006-5385 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
| SuperMod -- SuperMod
| Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php. | | 7.0 | CVE-2006-5413 OTHER-REF BID BID FRSIRT SECUNIA XF
| tincan -- PHPList
| Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | | 7.0 | CVE-2006-5322 OTHER-REF OTHER-REF
| University of Glasgow -- Specimen Image Database
| PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database (SID), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. | | 7.0 | CVE-2006-5419 OTHER-REF BID FRSIRT SECUNIA XF
| webSPELL -- webSPELL
| SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | | 7.0 | CVE-2006-5388 OTHER-REF BID XF
| WSN Forum -- WSN Forum
| WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability. | | 7.0 | CVE-2006-5421 OTHER-REF FRSIRT SECUNIA
| XeoPort -- XeoPort
| SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter. | | 7.0 | CVE-2006-5285 FULLDISC BID BUGTRAQ