| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- |
| 3Com -- SS3 4400 Switch firmware | 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. | 7.0 | CVE-2006-5382 OTHER-REF FRSIRT |
| Alex -- DownloadEngine | Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective. | 7.0 | CVE-2006-5459 BUGTRAQ |
| AOL -- AOL Security Edition | Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. | 7.0 | CVE-2006-5501 IDEFENSE |
| AOL -- AOL Security Edition | Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. | 7.0 | CVE-2006-5502 IDEFENSE |
| Ascended Development -- Ascended Guestbook | PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter. | 7.0 | CVE-2006-5531 OTHER-REF BID FRSIRT SECUNIA XF |
| ben3w -- 2BGal | Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-5505 BID SECUNIA |
| Castor -- Castor | Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-5481 FRSIRT SECUNIA |
| Ceary -- UltraCMS | Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | 7.0 | CVE-2006-5491 BUGTRAQ BID SECTRACK |
| Christopher Fowler -- RSSonate | Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. | 7.0 | CVE-2006-5518 OTHER-REF BID FRSIRT SECUNIA XF |
| DeltaScripts -- PHP Classifieds | PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter. | 7.0 | CVE-2006-5520 BUGTRAQ BID XF |
| Der Dirigent -- Der Dirigent | Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, and (9) table_rowprop.php in backend/external/wysiswg/popups/. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-5507 BID SECUNIA |
| DigitalHive -- DigitalHive | PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.0 | CVE-2006-5493 BUGTRAQ OTHER-REF BID SECTRACK XF |
| Digium -- Asterisk | Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | 7.0 | CVE-2006-5444 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OPENPKG BID FRSIRT SECTRACK SECUNIA FULLDISC CERT-VN |
| Drupal -- Drupal | Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | 7.0 | CVE-2006-5475 BUGTRAQ OTHER-REF OPENPKG FRSIRT SECUNIA |
| Drupal -- Drupal | Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | 7.0 | CVE-2006-5476 BUGTRAQ OTHER-REF OPENPKG FRSIRT SECUNIA XF |
| EZ-Ticket -- EZ-Ticket | PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter. | 7.0 | CVE-2006-5523 OTHER-REF BID XF |
| Fully Modded phpBB -- Fully Modded phpBB | Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b) index.php, (c) list.php, (d) login.php, (e) playlist.php, (f) song.php, (g) gen_m3u.php, (h) view_artist.php, (i) view_song.php, (j) flash/set_na.php, (k) flash/initialise.php, (l) flash/get_song.php, (m) includes/common.php, (n) admin/nav.php, (o) admin/main.php, (p) admin/list_artists.php, (q) admin/index.php, (r) admin/genres.php, (s) admin/edit_artist.php, (t) admin/edit_album.php, (u) admin/config.php, and (v) admin/admin_status.php in player/, different vectors than CVE-2006-3045. NOTE: CVE analysis as of 20061026 indicates that files in the admin/ and flash/ directories define foing_root_path before use. | 7.0 | CVE-2006-5526 OTHER-REF FRSIRT SECUNIA XF |
| Hinton Design -- phpht Topsites | PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter. | 7.0 | CVE-2006-5458 Milw0rm FRSIRT SECUNIA |
| Hinton Design -- phpht Topsites | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458. | 7.0 | CVE-2006-5460 BUGTRAQ |
| Intelimen -- InteliEditor | PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter. | 7.0 | CVE-2006-5527 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Johannes Erdfelt -- Kawf | Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php. | 7.0 | CVE-2006-5522 OTHER-REF BID XF |
| Kinesis -- Kinesis Interactive Cinema System | SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters. | 7.0 | CVE-2006-5450 BUGTRAQ BID SECUNIA |
| MambWeather -- MambWeather | PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-5519 OTHER-REF BID FRSIRT SECUNIA XF |
| Microsoft -- Windows Digital Rights Management System | The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow. | 8.0 | CVE-2006-5448 BUGTRAQ |
| Net_DNS -- Net_DNS | PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. | 7.0 | CVE-2006-5521 OTHER-REF BID XF |
| Novell -- eDirectory | Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | 7.0 | CVE-2006-4177 IDEFENSE OTHER-REF BID SECUNIA SECTRACK |
| Novell -- eDirectory | Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. | 10.0 | CVE-2006-4509 IDEFENSE BID SECUNIA SECTRACK |
| Novell -- eDirectory | The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. | 10.0 | CVE-2006-4510 IDEFENSE BID SECUNIA SECTRACK |
| Novell -- eDirectory | Stack-based buffer overflow in the BuildRedirectURL function in the HTTP Protocol Stack (httpstk) iMonitor module in Novell eDirectory before 8.8.1 FTF1 on Windows, Linux, and Open Enterprise Server (OES) SP2 allows remote attackers to execute arbitrary code via a long Host HTTP header. | 7.0 | CVE-2006-5478 OTHER-REF OTHER-REF BID SECUNIA |
| OneOrZero -- OneOrZero Helpdesk | The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset. | 7.0 | CVE-2006-5474 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA |
| PHP-Nuke -- PHP-Nuke | Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. | 7.0 | CVE-2006-5494 OTHER-REF BID FRSIRT SECUNIA |
| PHPList -- PHPList | Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | 7.0 | CVE-2006-5524 BUGTRAQ BID FRSIRT SECTRACK SECUNIA |
| Rhode Island Secretary of State -- Open Meetings Filing System | Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing System allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php. | 7.0 | CVE-2006-5517 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| SchoolAlumni Portal -- SchoolAlumni Portal | Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-5528 BID SECTRACK |
| SchoolAlumni Portal -- SchoolAlumni Portal | Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-5529 BID SECTRACK |
| Segue CMS -- Segue CMS | Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.0 | CVE-2006-5490 OTHER-REF BID FRSIRT SECUNIA XF |
| Segue CMS -- Segue CMS | PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter. | 7.0 | CVE-2006-5497 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| Segue CMS -- Segue CMS | Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | 7.0 | CVE-2006-5498 OTHER-REF FRSIRT XF |
| Serendipity -- Serendipity | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. | 7.0 | CVE-2006-5499 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| Softerra -- PHP Developer Library | PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters. | 7.0 | CVE-2006-5471 BUGTRAQ OTHER-REF SECTRACK XF |
| Softerra -- PHP Developer Library | PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php. | 7.0 | CVE-2006-5472 OTHER-REF FRSIRT OSVDB OSVDB OSVDB SECUNIA XF |
| Softerra -- PHP Developer Library | ** DISPUTED ** PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code. | 7.0 | CVE-2006-5473 BUGTRAQ MLIST MLIST |
| SpeedBerg -- SpeedBerg | Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php. | 7.0 | CVE-2006-5485 BUGTRAQ MLIST BID |
| Trawler -- Trawler Web CMS | Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i) _msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files. | 7.0 | CVE-2006-5495 OTHER-REF OTHER-REF BID SECUNIA |
| UeberProject Management System -- UeberProject Management System | PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter. | 7.0 | CVE-2006-5539 OTHER-REF FRSIRT SECUNIA XF |
| WiClear -- WiClear | Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/. | 7.0 | CVE-2006-5506 OTHER-REF SECUNIA XF |
| WoltLab -- Burning Book | Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. | 7.0 | CVE-2006-5509 BUGTRAQ OTHER-REF FRSIRT |
| XChangeBoard -- XChangeBoard | SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-5488 BID SECUNIA XF |
| Xoops -- Xoops RMSoft Gallery System | Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-5532 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF |