| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-1311 |
|
|
Exec Code Mem. Corr. |
2007-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. |
|
2 |
CVE-2006-3448 |
119 |
|
Exec Code Overflow |
2007-02-13 |
2018-10-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212. |
|
3 |
CVE-2006-4697 |
|
|
Exec Code |
2007-02-13 |
2021-07-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. |
|
4 |
CVE-2006-5270 |
|
|
Exec Code Overflow |
2007-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. |
|
5 |
CVE-2006-5276 |
|
|
Exec Code Overflow |
2007-02-20 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. |
|
6 |
CVE-2006-5877 |
|
|
DoS |
2007-02-23 |
2008-11-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. |
|
7 |
CVE-2006-6490 |
|
|
Exec Code Overflow |
2007-02-22 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message. |
|
8 |
CVE-2006-6966 |
|
|
Exec Code |
2007-02-04 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy. |
|
9 |
CVE-2006-6972 |
|
|
Exec Code Sql |
2007-02-07 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable. |
|
10 |
CVE-2006-6973 |
|
|
|
2007-02-07 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/. |
|
11 |
CVE-2006-6974 |
|
|
+Info |
2007-02-07 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. |
|
12 |
CVE-2006-6976 |
94 |
|
Exec Code File Inclusion |
2007-02-08 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. |
|
13 |
CVE-2006-6979 |
20 |
|
Exec Code |
2007-02-08 |
2011-06-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. |
|
14 |
CVE-2006-6986 |
|
|
|
2007-02-09 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
|
15 |
CVE-2006-6987 |
|
|
|
2007-02-09 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
|
16 |
CVE-2006-6988 |
|
|
|
2007-02-09 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
|
17 |
CVE-2006-6989 |
|
|
|
2007-02-09 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
|
18 |
CVE-2006-6990 |
|
|
|
2007-02-09 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
|
19 |
CVE-2006-6991 |
|
|
|
2007-02-09 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
|
20 |
CVE-2006-6992 |
|
|
|
2007-02-09 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
|
21 |
CVE-2006-6993 |
|
|
Sql |
2007-02-12 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
22 |
CVE-2006-6997 |
287 |
|
|
2007-02-12 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. |
|
23 |
CVE-2006-7001 |
|
|
Dir. Trav. |
2007-02-12 |
2008-09-05 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
24 |
CVE-2006-7003 |
|
|
Exec Code File Inclusion |
2007-02-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. |
|
25 |
CVE-2006-7005 |
|
1
|
Exec Code Sql |
2007-02-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
26 |
CVE-2006-7006 |
|
|
Exec Code File Inclusion |
2007-02-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals. |
|
27 |
CVE-2006-7007 |
|
|
DoS Overflow |
2007-02-12 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133. |
|
28 |
CVE-2006-7008 |
|
|
|
2007-02-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. |
|
29 |
CVE-2006-7009 |
|
|
|
2007-02-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. |
|
30 |
CVE-2006-7010 |
|
|
Sql |
2007-02-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. |
|
31 |
CVE-2006-7011 |
|
|
Exec Code File Inclusion |
2007-02-15 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value. |
|
32 |
CVE-2006-7012 |
|
|
Exec Code |
2007-02-15 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action. |
|
33 |
CVE-2006-7013 |
|
|
|
2007-02-15 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue. |
|
34 |
CVE-2006-7014 |
|
|
+Priv |
2007-02-15 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request. |
|
35 |
CVE-2006-7015 |
|
|
Exec Code File Inclusion |
2007-02-15 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests. |
|
36 |
CVE-2006-7016 |
|
|
+Priv Bypass |
2007-02-15 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. |
|
37 |
CVE-2006-7017 |
|
|
Exec Code File Inclusion |
2007-02-15 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php. |
|
38 |
CVE-2006-7018 |
|
|
Exec Code |
2007-02-15 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. |
|
39 |
CVE-2006-7019 |
|
|
Exec Code |
2007-02-15 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
40 |
CVE-2006-7020 |
|
|
|
2007-02-15 |
2017-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
|
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER). |
|
41 |
CVE-2006-7021 |
94 |
|
Exec Code File Inclusion |
2007-02-15 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter. |
|
42 |
CVE-2006-7022 |
|
|
|
2007-02-15 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. |
|
43 |
CVE-2006-7024 |
|
|
Exec Code File Inclusion |
2007-02-15 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php. |
|
44 |
CVE-2006-7025 |
89 |
|
Sql |
2007-02-23 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. |
|
45 |
CVE-2006-7027 |
|
|
|
2007-02-23 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks. |
|
46 |
CVE-2006-7028 |
|
|
DoS |
2007-02-23 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error. |
|
47 |
CVE-2006-7032 |
|
|
Exec Code File Inclusion |
2007-02-23 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. |
|
48 |
CVE-2006-7034 |
|
|
Sql |
2007-02-23 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. |
|
49 |
CVE-2006-7035 |
|
|
Dir. Trav. |
2007-02-23 |
2018-10-16 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter. |
|
50 |
CVE-2006-7036 |
|
|
Exec Code File Inclusion |
2007-02-23 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated. |
