| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| AlstraSoft -- Video Share Enterprise | PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter. | 7.0 | CVE-2006-4443 BUGTRAQ BID |
| Ay System Solutions -- Ay System Solutions CMS | PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter. | 7.0 | CVE-2006-4440 OTHER-REF SECUNIA |
| Ay System Solutions -- Ay System Solutions CMS | Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-4441 SECUNIA |
| BigACE -- BigACE | Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php. | 7.0 | CVE-2006-4423 BUGTRAQ BID SECTRACK XF |
| CJ Design -- CJ Tag Board | Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php. | 7.0 | CVE-2006-4451 OTHER-REF BID FRSIRT SECUNIA |
| CutePHP -- CuteNews | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion. | 7.0 | CVE-2006-4445 BUGTRAQ MLIST BUGTRAQ XF |
| ExBB -- ExBB Italia | PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter. | 7.0 | CVE-2006-4488 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| Gonafish.com -- LinksCaffe | Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php. | 10.0 | CVE-2006-4462 BUGTRAQ |
| gtetrinet -- gtetrinet | Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index. | 7.0 | CVE-2006-3125 DEBIAN |
| IBM -- AIX | Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program. | 7.0 | CVE-2006-4416 AIXAPAR AIXAPAR BID SECUNIA |
| Jetbox -- Jetbox CMS | PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8. | 7.0 | CVE-2006-4422 BUGTRAQ BID BUGTRAQ BUGTRAQ MLIST MLIST XF |
| Joomla! -- Joomla! | Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | 7.0 | CVE-2006-4469 OTHER-REF |
| Joomla! -- Joomla! | Joomla! before 1.0.11 omits some checks for whether `_VALID_MOS` is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. | 7.0 | CVE-2006-4470 OTHER-REF |
| Joomla! -- Joomla! | The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | 7.0 | CVE-2006-4471 OTHER-REF |
| Joomla! -- Joomla! | Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | 7.0 | CVE-2006-4472 OTHER-REF |
| Joomla! -- Joomla! | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. | 7.0 | CVE-2006-4474 OTHER-REF |
| Joomla! -- Joomla! | Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | 7.0 | CVE-2006-4475 OTHER-REF |
| Jupiter CMS -- Jupiter CMS | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement. | 7.0 | CVE-2006-4428 BUGTRAQ MLIST BID |
| Microsoft -- Terminal Server | ** DISPUTED ** Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code. | 10.0 | CVE-2006-4465 BUGTRAQ BUGTRAQ OTHER-REF |
| Nuked-Klan -- Nuked-Klan | Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element. | 7.0 | CVE-2006-4480 BUGTRAQ |
| NX5 -- NX5Linx | SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters. | 7.0 | CVE-2006-4504 OTHER-REF XF |
| NX5 -- NX5Linx | CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter. | 7.0 | CVE-2006-4505 OTHER-REF |
| PHlyMail -- PHlyMail Lite | ** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the `_PM_[path][handler]` parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the `_IN_PHM_` declaration prevents this file from being called directly. | 7.0 | CVE-2006-4429 BUGTRAQ BUGTRAQ |
| phpAlbum.net -- phpalbum | PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922. | 7.0 | CVE-2006-4498 BUGTRAQ OTHER-REF BID XF |
| phpECard -- phpECard | PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | 7.0 | CVE-2006-4456 OTHER-REF BID FRSIRT SECUNIA XF |
| phpECard -- phpECard | PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-4457 FRSIRT SECUNIA |
| ProManager -- ProManager | SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter. | 7.0 | CVE-2006-4419 OTHER-REF BID XF |
| SAP-DB -- SAP-DB; MySQL -- MaxDB | Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. | 7.0 | CVE-2006-4305 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| Simple Machines -- Simple Machines Forum | Interpretation conflict in Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum. | 7.0 | CVE-2006-4467 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF |
| SQL-Ledger -- SQL-Ledger | Unspecified vulnerability in unspecified versions of SQL-Ledger allows remote attackers to gain access as any logged-in user via unknown vectors related to session handling. | 7.0 | CVE-2006-4244 BUGTRAQ BID |
| Sun -- Solaris | pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. | 7.0 | CVE-2006-4439 SUNALERT SECUNIA FRSIRT OSVDB |
| Tor -- Tor | Unspecified vulnerability in Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23 allows remote attackers acting as an "entry node" within the Tor network to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors. | 7.0 | CVE-2006-4508 MLIST BID SECUNIA |
| Ultrize -- MiniBill | Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php. | 7.0 | CVE-2006-4489 OTHER-REF BID SECUNIA XF |
| VisualShapers -- ezContents | Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php. | 7.0 | CVE-2006-4477 BUGTRAQ BID |
| VisualShapers -- ezContents | SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. | 7.0 | CVE-2006-4478 BUGTRAQ BID |
| VisualShapers -- ezContents | Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter. | 7.0 | CVE-2006-4479 BUGTRAQ BID |
| Web3King -- Web3news | PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter. | 7.0 | CVE-2006-4452 OTHER-REF BID SECUNIA FRSIRT OSVDB XF |
| XOOPS -- XOOPS | SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter. | 7.0 | CVE-2006-4417 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA FRSIRT XF |
| Zend -- Zend Platform | Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID). | 7.0 | CVE-2006-4431 BUGTRAQ OTHER-REF FRSIRT SECUNIA FULLDISC BID OSVDB OSVDB XF |
| Ztml -- ezPortal/ztml CMS | SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters. | 7.0 | CVE-2006-4501 BUGTRAQ BID |
| Ztml -- ezPortal/ztml CMS | ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. | 7.0 | CVE-2006-4502 BUGTRAQ BID |