| Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 8pixel.net -- Simple Blog | Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism. | | 7.0 | CVE-2006-4592 OTHER-REF BID FRSIRT SECUNIA |
| AlstraSoft -- Template Seller; AlstraSoft -- Template Seller Pro | Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AlstraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php. | | 7.0 | CVE-2006-4591 BUGTRAQ BID |
| ALWIL -- avast! Antivirus | Heap-based buffer overflow in ALWIL avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow. | | 7.0 | CVE-2006-4626 OTHER-REF |
| Annuaire -- 1Two | SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2006-4601 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| Autentificator -- Autentificator | SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter. | | 7.0 | CVE-2006-4599 BUGTRAQ BID FRSIRT SECUNIA |
| Bare Concept Media -- Pheap CMS | PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. | | 7.0 | CVE-2006-4531 OTHER-REF BID XF BUGTRAQ FRSIRT OSVDB SECTRACK SECUNIA |
| Bare Concept Media -- Pheap CMS | PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531. | | 7.0 | CVE-2006-4621 FRSIRT SECUNIA |
| Bernard Pacques -- Yet Another Community System CMS | PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter. | | 7.0 | CVE-2006-4532 OTHER-REF XF OTHER-REF FRSIRT SECTRACK SECUNIA |
| Bernard Pacques -- Yet Another Community System CMS | Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is covered by CVE-2006-4532. | | 7.0 | CVE-2006-4559 OTHER-REF SECUNIA |
| Bugada Andrea -- PHP Advanced Transfer Manager | Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681. | | 7.0 | CVE-2006-4594 OTHER-REF BID XF |
| Cerberus -- Cerberus Helpdesk | (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php in the Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allow remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 7.0 | CVE-2006-4539 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| CHXO -- Feedsplitter | Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed. | | 7.0 | CVE-2006-4551 BUGTRAQ |
| CHXO -- Feedsplitter | Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed. | | 7.0 | CVE-2006-4552 BUGTRAQ |
| CMS Frogss -- CMS Frogss | SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. | | 7.0 | CVE-2006-4536 OTHER-REF OTHER-REF BID XF |
| ComScripts -- AnnonceV | PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | | 7.0 | CVE-2006-4622 BUGTRAQ OTHER-REF |
| Darrens $5 Script Archive -- FlashChat | Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php. | | 7.0 | CVE-2006-4583 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| DeluxeBB -- DeluxeBB | DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. | | 7.0 | CVE-2006-4558 BUGTRAQ OTHER-REF SECUNIA XF |
| Devellion -- CubeCart | SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. | | 7.0 | CVE-2006-4526 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA |
| Digi International Inc -- AnywhereUSB/5 | Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor. | | 7.0 | CVE-2006-4459 BUGTRAQ OTHER-REF BID SECUNIA |
| Digiappz -- Freekot | Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2006-4524 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF |
| Dsocks -- Dsocks | Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name. | | 7.0 | CVE-2006-4611 BUGTRAQ OTHER-REF BID |
| DynCMS -- DynCMS | PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter. | | 7.0 | CVE-2006-4589 OTHER-REF BID SECUNIA |
| e107.org -- e107 website system | e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107. | | 7.0 | CVE-2006-4548 BUGTRAQ OTHER-REF |
| ExBB -- ExBB | Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php, (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor. | | 7.0 | CVE-2006-4544 BUGTRAQ OTHER-REF SECTRACK |
| GNU -- Mailman | Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". | | 7.0 | CVE-2006-2941 OTHER-REF OTHER-REF FRSIRT SECUNIA BID XF |
| GNU -- Mailman | Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 7.0 | CVE-2006-3636 OTHER-REF FRSIRT SECUNIA BID XF |
| GrapAgenda -- GrapAgenda | PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter. | | 7.0 | CVE-2006-4610 BUGTRAQ OTHER-REF |
| HLstats -- HLstats | Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode. | | 7.0 | CVE-2006-4543 BUGTRAQ BID SECUNIA |
| IBM -- AIX | Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors. | | 7.0 | CVE-2006-4522 AIXAPAR AIXAPAR SECUNIA BID FRSIRT |
| ICBlogger -- ICBlogger | SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter. | | 7.0 | CVE-2006-4597 BUGTRAQ OTHER-REF FRSIRT SECUNIA |
| Jetstat.com -- JS ASP Faq Manager | SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 7.0 | CVE-2006-4590 BID FRSIRT OSVDB SECUNIA XF |
| John Andersson -- ZixForum | SQL injection vulnerability in ReplyNew.asp in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter. | | 7.0 | CVE-2006-4612 BUGTRAQ |
| Joomla! -- com_comprofiler Component; Mambo -- com_comprofiler Component | PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Component 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | | 7.0 | CVE-2006-4553 BUGTRAQ BID |
| Julian Pawlowski -- CAPI4HylaFAX | c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number. | | 7.0 | CVE-2006-3126 OTHER-REF DEBIAN SECUNIA SECUNIA FRSIRT |
| KDE -- kdebase | The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to log in without a password by attempting to log in multiple times. | | 10.0 | CVE-2006-3742 FEDORA |
| Lanifex -- Lanifex | PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter. | | 7.0 | CVE-2006-4604 Milw0rm BID XF |
| Learn.com -- LearnCenter | Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter. | | 7.0 | CVE-2006-4540 BUGTRAQ SECUNIA BID OSVDB XF |
| Longino Jacome -- php-Revista | PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. | | 7.0 | CVE-2006-4605 BUGTRAQ SECUNIA |
| Longino Jacome -- php-Revista | Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php. | | 7.0 | CVE-2006-4606 BUGTRAQ SECUNIA |
| Longino Jacome -- php-Revista | admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1. | | 10.0 | CVE-2006-4607 BUGTRAQ SECUNIA |
| Longino Jacome -- php-Revista | Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php. | | 7.0 | CVE-2006-4608 BUGTRAQ SECUNIA |
| Mambo -- JIM Component; Joomla! -- JIM Component | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242. | | 7.0 | CVE-2006-4556 BUGTRAQ BUGTRAQ |
| Membrepass -- membrepass | SQL injection vulnerability in recherchemembre.php in membrepass 1.5 allows remote attackers to execute arbitrary SQL commands via the recherche parameter. | | 7.0 | CVE-2006-4529 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Membrepass -- membrepass | Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. | | 7.0 | CVE-2006-4530 BUGTRAQ BID FRSIRT SECUNIA XF |
| Microsoft -- Internet Explorer | Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | | 7.0 | CVE-2006-4560 BUGTRAQ OTHER-REF OTHER-REF |
| ModuleBased CMS -- ModuleBased CMS | ** DISPUTED ** PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker. | | 7.0 | CVE-2006-4545 BUGTRAQ MLIST BID |
| Mozilla -- Firefox | Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | | 7.0 | CVE-2006-4561 BUGTRAQ OTHER-REF OTHER-REF |
| MyBace Light -- MyBace Light | PHP remote file inclusion vulnerability in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php. | | 7.0 | CVE-2006-4596 OTHER-REF FRSIRT SECUNIA |
| NCH Software -- Swift Sound Web Dictate | NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password. | | 10.0 | CVE-2006-4603 BUGTRAQ BID |
| PHP-Nuke -- MyHeadlines | Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 7.0 | CVE-2006-4563 BID FRSIRT SECUNIA XF |
| Plume CMS -- Plume CMS | Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the $_PX_config['manager_path'] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725. | | 7.0 | CVE-2006-4533 OTHER-REF BID |
| Retro64 -- CR64Loader ActiveX Control | Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control. | | 7.0 | CVE-2006-4555 CERT-VN BID FRSIRT SECTRACK SECUNIA XF |
| Robert Jewell -- Discloser | ** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute. | | 7.0 | CVE-2006-4557 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ |
| SoftBB -- SoftBB | Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | | 7.0 | CVE-2006-4593 BUGTRAQ BID |
| ssLinks -- ssLinks | Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action. | | 7.0 | CVE-2006-4598 BUGTRAQ BID FRSIRT SECUNIA |
| TikiWiki Project -- TikiWiki | Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. | | 7.0 | CVE-2006-4602 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA |
| Tr Forum -- Tr Forum | Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php. | | 7.0 | CVE-2006-4584 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA |
| vtiger -- vtiger CRM | Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. | | 7.0 | CVE-2006-4587 OTHER-REF BID FRSIRT SECUNIA |
| vtiger -- vtiger CRM | vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. | | 7.0 | CVE-2006-4588 OTHER-REF BID FRSIRT SECUNIA |
| vtiger -- vtiger CRM | Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. | | 7.0 | CVE-2006-4617 OTHER-REF |
| Webmin -- Usermin; Webmin -- Webmin | Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | | 7.0 | CVE-2006-4542 OTHER-REF OTHER-REF WEBMIN FRSIRT SECUNIA |