Blog

CVE-2006-5629

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the…


October 31, 2006 0

CVE-2006-5612

PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter. (CVSS:7.5) (Last Update:2017-07-19)


October 30, 2006 0

CVE-2006-5521

PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. (CVSS:7.5) (Last Update:2017-07-19)


October 26, 2006 0

CVE-2006-5507

Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase…


October 25, 2006 0

CVE-2006-5113

Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; t…


October 3, 2006 0

CVE-2006-5043

Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upl…


September 27, 2006 0

CVE-2006-4962

Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a …


September 23, 2006 0

CVE-2006-4878

Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to …


September 19, 2006 0

CVE-2006-4440

PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter. (CVSS:7.5) (Last Update:2017-07-19)


August 29, 2006 0

CVE-2006-4318

Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. (CVSS:6.5) (Last Update:2017-07-19)


August 23, 2006 0