269991
|
- |
|
headstart_solutions
|
deskpro
|
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQ…
|
NVD-CWE-Other
|
CVE-2006-6974
|
2008-09-6 06:16 |
2007-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269992
|
- |
|
mailenable
|
mailenable_enterprise mailenable_standard
|
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication…
|
CWE-287
Improper Authentication
|
CVE-2006-6997
|
2008-09-6 06:16 |
2007-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269993
|
- |
|
headstart_solutions
|
deskpro
|
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
|
CWE-200
Information Exposure
|
CVE-2006-6999
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269994
|
- |
|
headstart_solutions
|
deskpro
|
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php,…
|
NVD-CWE-Other
|
CVE-2006-7000
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269995
|
- |
|
phpmychat_plus
|
phpmychat_plus
|
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-200…
|
NVD-CWE-Other
|
CVE-2006-7001
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269996
|
- |
|
fusionphp
|
fusion_polls
|
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
|
NVD-CWE-Other
|
CVE-2006-7003
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269997
|
- |
|
php_script_tools
|
psy_auction
|
Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this in…
|
NVD-CWE-Other
|
CVE-2006-7004
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269998
|
- |
|
php_script_tools
|
psy_auction
|
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details…
|
NVD-CWE-Other
|
CVE-2006-7005
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269999
|
- |
|
joomla
|
joomla
|
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
|
NVD-CWE-Other
|
CVE-2006-7008
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270000
|
- |
|
joomla
|
joomla
|
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2006-7009
|
2008-09-6 06:16 |
2007-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|