Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info
| Abarcar Software -- Abarcar Realty Portal
| Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. | | 7.0 | CVE-2006-5840 BUGTRAQ BID
| Adaptive Technology Resource Centre -- ATutor
| Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404. | | 7.0 | CVE-2006-5734 BUGTRAQ
| Advanced Guestbook -- Advanced Guestbook
| PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | | 7.0 | CVE-2006-5804 BUGTRAQ BID SECUNIA
| AIOCP -- AIOCP
| Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php. | | 7.0 | CVE-2006-5829 BUGTRAQ BID FRSIRT SECUNIA XF
| AIOCP -- AIOCP
| PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter. | | 7.0 | CVE-2006-5831 BUGTRAQ BID XF
| America Online -- ICQ
| The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | | 7.0 | CVE-2006-5650 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
| Apple -- Mac OS X; OpenDarwin -- Darwin Kernel
| The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header. | | 7.0 | CVE-2006-5710 OTHER-REF BID SECUNIA FRSIRT SECTRACK XF
| Ariadne -- Ariadne CMS
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Ariadne 2.4.1 allow remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file. | | 7.0 | CVE-2006-5776 BUGTRAQ MLIST MLIST BID XF
| Article Script -- Article Script
| SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | | 7.0 | CVE-2006-5765 OTHER-REF FRSIRT SECUNIA BUGTRAQ BID
| Article System -- Article System
| PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter. | | 7.0 | CVE-2006-5766 OTHER-REF BID XF
| BytesFall Explorer -- BytesFall Explorer
| SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606. | | 7.0 | CVE-2006-5719 BUGTRAQ OTHER-REF BID XF
| Creasito -- Creasito E-Commerce Content Manager
| Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2006-5777 OTHER-REF SECUNIA XF
| Cyberfolio -- Cyberfolio
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | | 7.0 | CVE-2006-5768 OTHER-REF OTHER-REF OTHER-REF SECUNIA BID FRSIRT XF
| DataparkSearch -- DataparkSearch
| SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL. | | 7.0 | CVE-2006-5723 OTHER-REF BID FRSIRT XF
| DeltaScripts -- PHP Classifieds
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | | 7.0 | CVE-2006-5828 OTHER-REF BID SECUNIA XF
| Dmitry Sheiko -- Business Card Web Builder
| Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946. | | 7.0 | CVE-2006-5816 BUGTRAQ
| Dodo's Scripts -- DodosMail
| Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters. | | 7.0 | CVE-2006-5841 Milw0rm FRSIRT SECUNIA
| Drake CMS -- Drake CMS
| PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 r846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter. | | 7.0 | CVE-2006-5767 OTHER-REF BID FRSIRT XF
| e107 -- e107
| Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php. | | 7.0 | CVE-2006-5786 OTHER-REF BID XF
| Edgewall Software -- Trac
| Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | | 7.0 | CVE-2006-5848 OTHER-REF OTHER-REF FRSIRT SECUNIA
| Essen -- Essentia Web Server
| Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2006-5850 FULLDISC OTHER-REF BID FRSIRT SECUNIA XF
| Francisco Burzi -- PHP-Nuke
| SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | | 7.0 | CVE-2006-5720 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
| Free PHP Scripts -- Free File Hosting
| PHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2006-5764 FRSIRT
| FreeWebshop -- FreeWebshop
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameters. | | 7.0 | CVE-2006-5772 OTHER-REF FRSIRT SECUNIA XF
| FreeWebshop -- FreeWebshop
| Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | | 7.0 | CVE-2006-5847 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
| FunkBoard -- FunkBoard
| Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter. | | 7.0 | CVE-2006-5775 OTHER-REF FRSIRT SECUNIA BID
| GreenBeast CMS -- GreenBeast CMS
| gbcms_php_files/up_loader.php in GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file. | | 7.0 | CVE-2006-5833 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF
| IBM -- Lotus Domino
| Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. | | 7.0 | CVE-2006-5818 IDEFENSE OTHER-REF BID
| Immediacy -- Immediacy .NET CMS
| Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie. | | 7.0 | CVE-2006-5853 BUGTRAQ OTHER-REF BID
| Iodine -- Iodine
| Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response. | | 7.0 | CVE-2006-5781 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF
| IPrimal -- IPrimal Forums
| admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php. | | 7.0 | CVE-2006-5787 OTHER-REF BID FRSIRT SECUNIA
| IPrimal -- IPrimal Forums
| PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | | 7.0 | CVE-2006-5788 FRSIRT SECUNIA
| IrayoBlog -- IrayoBlog
| PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter. | | 7.0 | CVE-2006-5849 OTHER-REF FRSIRT XF
| Leicestershire -- CommunityPortals
| PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. | | 7.0 | CVE-2006-5739 SECTRACK
| Linux -- Linux kernel
| Multiple unspecified vulnerabilities in netfilter for IPv6 code in Linux kernel before 2.6.16.31 allow remote attackers to bypass intended restrictions via unknown vectors, aka (1) "ip6_tables protocol bypass bug" and (2) "ip6_tables extension header bypass bug". | | 7.0 | CVE-2006-4572 MLIST MANDRIVA SECUNIA SECUNIA
| Microsoft -- XML Core Services
| Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. | | 8.0 | CVE-2006-5745 OTHER-REF OTHER-REF FRSIRT OTHER-REF CERT-VN BID SECTRACK SECUNIA XF
| Microsoft -- Windows 2000; Microsoft -- Windows XP
| Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and execute arbitrary code by modifying the kernel structures. | | 7.0 | CVE-2006-5758 OTHER-REF FRSIRT SECUNIA BID SECTRACK XF
| MobileSecure Inc -- Highwall Enterprise; MobileSecure Inc -- Highwall Endpoint
| Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator. | | 7.0 | CVE-2006-5744 BUGTRAQ BUGTRAQ BID OSVDB
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. | | 7.0 | CVE-2006-5463 OTHER-REF OTHER-REF CERT BID FRSIRT SECUNIA SECUNIA SECTRACK SECTRACK SECTRACK
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. | | 7.0 | CVE-2006-5747 CERT-VN OTHER-REF OTHER-REF CERT BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird
| Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. | | 7.0 | CVE-2006-5748 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF CERT CERT-VN BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA
| mxBB -- mxBB Smartor Album
| PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | | 7.0 | CVE-2006-5803 OTHER-REF BID XF
| NewP -- News Publication System
| PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter. | | 7.0 | CVE-2006-5838 BUGTRAQ BID XF
| Novell -- eDirectory
| Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | | 7.0 | CVE-2006-5814 OTHER-REF SECTRACK
| OpenBSD -- OpenSSH
| Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. | | 7.0 | CVE-2006-5794 OTHER-REF OTHER-REF BID FRSIRT SECUNIA SECUNIA
| OpenDarwin -- Darwin Kernel
| The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. | | 7.0 | CVE-2006-5836 OTHER-REF BID
| OpenEMR -- OpenEMR
| Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php. | | 7.0 | CVE-2006-5795 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA XF
| PHP -- PHP
| Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | | 7.0 | CVE-2006-5465 OTHER-REF UBUNTU OTHER-REF MANDRIVA REDHAT BID FRSIRT SECTRACK SECUNIA SECUNIA XF DEBIAN MANDRAKE SECUNIA SECUNIA SECUNIA
| PHP -- PHP
| Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. | | 7.0 | CVE-2006-5706 OTHER-REF UBUNTU
| PHPAdventure -- PHPAdventure
| PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter. | | 7.0 | CVE-2006-5839 OTHER-REF FRSIRT XF
| phpDynaSite -- phpDynaSite
| Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php. | | 7.0 | CVE-2006-5760 OTHER-REF FRSIRT SECUNIA XF
| PHPEasyData Pro -- PHPEasyData Pro
| SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | | 7.0 | CVE-2006-5707 BUGTRAQ BUGTRAQ OTHER-REF FRSIRT SECTRACK SECUNIA XF
| PostNuke Software Foundation -- PostNuke
| Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | | 7.0 | CVE-2006-5733 OTHER-REF BID XF
| ProFTPD Project -- ProFTPD
| Unspecified vulnerability in ProFTPD allows remote attackers to execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | | 7.0 | CVE-2006-5815 OTHER-REF SECTRACK
| PunBB -- PunBB
| Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table. | | 7.0 | CVE-2006-5735 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA
| PunBB -- PunBB
| PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. | | 7.0 | CVE-2006-5737 BUGTRAQ OTHER-REF SECTRACK
| SimpleChat -- SimpleChat
| Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. | | 7.0 | CVE-2006-5837 OTHER-REF BID FRSIRT SECUNIA XF
| Soholaunch -- Soholaunch Pro Edition
| Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php. | | 7.0 | CVE-2006-5796 BUGTRAQ OTHER-REF OTHER-REF FRSIRT XF
| Speedywiki -- Speedywiki
| Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter. | | 7.0 | CVE-2006-5843 BUGTRAQ OTHER-REF BID SECUNIA
| Speedywiki -- Speedywiki
| Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1. | | 7.0 | CVE-2006-5845 BUGTRAQ OTHER-REF SECUNIA
| Stefan Ritt -- Elog Web Logbook
| Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions. | | 7.0 | CVE-2006-5790 OTHER-REF BID FRSIRT SECUNIA
| The Web Drivers -- Simple Forum
| SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2006-5802 OTHER-REF BID FRSIRT SECUNIA XF
| Tikiwiki -- Tikiwiki
| Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. | | 7.0 | CVE-2006-5703 BUGTRAQ BID SECUNIA FRSIRT
| Xenis -- Xenis.creator CMS
| Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters. | | 7.0 | CVE-2006-5797 BUGTRAQ BUGTRAQ BID SECTRACK XF
| Xenis -- Xenis.creator CMS
| SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter. | | 7.0 | CVE-2006-5798 BUGTRAQ BID SECTRACK XF
| Xenis -- Xenis.creator CMS
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters. | | 7.0 | CVE-2006-5799 BUGTRAQ OTHER-REF BID SECTRACK XF
| XLink Technology -- Omni-NFS Server
| Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm. | | 7.0 | CVE-2006-5780 BUGTRAQ OTHER-REF OTHER-REF BID
| XLink Technology -- Omni-NFS/X Enterprise
| Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | | 7.0 | CVE-2006-5792 OTHER-REF
|