CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.
Max CVSS
7.5
EPSS Score
14.54%
Published
2006-08-31
Updated
2018-10-17
SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters.
Max CVSS
7.5
EPSS Score
0.89%
Published
2006-08-31
Updated
2018-10-17
Directory traversal vulnerability in link.php in NX5Linx 1.0 allows remote attackers to read arbitrary files via the logo parameter.
Max CVSS
5.0
EPSS Score
0.66%
Published
2006-08-31
Updated
2018-10-17
ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script.
Max CVSS
7.5
EPSS Score
1.10%
Published
2006-08-31
Updated
2018-10-17
SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters.
Max CVSS
7.5
EPSS Score
0.23%
Published
2006-08-31
Updated
2018-10-17
ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack.
Max CVSS
5.0
EPSS Score
0.13%
Published
2006-08-31
Updated
2008-09-05
PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922.
Max CVSS
7.5
EPSS Score
6.57%
Published
2006-08-31
Updated
2018-10-17
SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2006-08-31
Updated
2018-10-17
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
Max CVSS
7.5
EPSS Score
96.01%
Published
2006-08-31
Updated
2018-10-17
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
Max CVSS
7.5
EPSS Score
15.17%
Published
2006-08-31
Updated
2018-10-17
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.63%
Published
2006-08-31
Updated
2008-11-11
Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php.
Max CVSS
7.5
EPSS Score
52.33%
Published
2006-08-31
Updated
2017-10-19
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter.
Max CVSS
5.1
EPSS Score
11.23%
Published
2006-08-31
Updated
2017-10-19
DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
Max CVSS
5.0
EPSS Score
0.91%
Published
2006-08-31
Updated
2018-10-17
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
Max CVSS
10.0
EPSS Score
4.17%
Published
2006-08-31
Updated
2018-10-30
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
Max CVSS
9.3
EPSS Score
2.24%
Published
2006-08-31
Updated
2022-07-19
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
Max CVSS
9.3
EPSS Score
1.05%
Published
2006-08-31
Updated
2022-07-19
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
Max CVSS
7.2
EPSS Score
0.06%
Published
2006-08-31
Updated
2018-10-30
SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter.
Max CVSS
7.5
EPSS Score
1.30%
Published
2006-08-31
Updated
2018-10-17
Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.
Max CVSS
7.5
EPSS Score
29.35%
Published
2006-08-31
Updated
2018-10-17
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
Max CVSS
7.5
EPSS Score
1.33%
Published
2006-08-31
Updated
2011-03-08
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.48%
Published
2006-08-31
Updated
2011-03-08
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.
Max CVSS
6.8
EPSS Score
1.14%
Published
2006-08-31
Updated
2017-07-20
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
Max CVSS
5.1
EPSS Score
0.35%
Published
2006-08-31
Updated
2011-03-08
Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.
Max CVSS
7.5
EPSS Score
0.33%
Published
2006-08-31
Updated
2021-10-01
429 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!