|
313761
|
- |
|
joomla
mambo-foundation
|
joomla\!
mambo
|
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different v…
|
CWE-20
Improper Input Validation
|
CVE-2006-1957
|
2024-02-14 10:17 |
2006-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313762
|
- |
|
vwar
|
virtual_war
|
PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3)…
|
NVD-CWE-Other
|
CVE-2006-1747
|
2024-02-14 10:17 |
2006-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313763
|
- |
|
maxdev
|
md-pro
|
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbi…
|
CWE-89
SQL Injection
|
CVE-2006-1676
|
2024-02-14 10:17 |
2006-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313764
|
- |
|
maxdev
|
md-pro
|
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php.
|
CWE-200
Information Exposure
|
CVE-2006-1677
|
2024-02-14 10:17 |
2006-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313765
|
- |
|
squery
|
squery
|
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in…
|
CWE-94
Code Injection
|
CVE-2006-1688
|
2024-02-14 10:17 |
2006-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313766
|
- |
|
crafty_syntax_image_gallery
|
crafty_syntax_image_gallery
|
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary S…
|
NVD-CWE-Other
|
CVE-2006-1667
|
2024-02-14 10:17 |
2006-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313767
|
- |
|
crafty_syntax_image_gallery
|
crafty_syntax_image_gallery
|
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a mult…
|
NVD-CWE-Other
|
CVE-2006-1668
|
2024-02-14 10:17 |
2006-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313768
|
- |
|
3dsrc
|
monalbum
|
Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcomme…
|
NVD-CWE-Other
|
CVE-2006-1585
|
2024-02-14 10:17 |
2006-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313769
|
- |
|
trend_micro
|
pc-cillin_2006
|
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs s…
|
NVD-CWE-Other
|
CVE-2006-1379
|
2024-02-14 10:17 |
2006-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313770
|
- |
|
trendmicro
|
interscan_messaging_security_suite
|
ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local us…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-1380
|
2024-02-14 10:17 |
2006-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
