U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 164,885 matching records.
Displaying matches 145,501 through 145,520.
Vuln ID Summary CVSS Severity
CVE-2006-4283

Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4284

SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4285

PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4286

** DISPUTED ** PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4287

Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4288

PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details are obtained from third party information.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-4289

Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-4290

Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4291

PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4292

Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4293

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.

Published: August 22, 2006; 1:04:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-4275

PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: August 21, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4276

PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.

Published: August 21, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4277

Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published: August 21, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4278

PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.

Published: August 21, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4279

SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter.

Published: August 21, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4280

** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file.

Published: August 21, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4281

PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: August 21, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4093

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."

Published: August 21, 2006; 5:04:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-4263

Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.

Published: August 21, 2006; 5:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH