Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-04-13 CVE-2006-1767 Remote File Include vulnerability in Indexu 5.0/5.0.1
Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.
network
low complexity
nicecoder
7.5
2006-04-13 CVE-2006-1766 SQL-Injection vulnerability in Papoo 2.1.2/2.1.4/2.1.5
Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameters in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php.
network
low complexity
papoo
6.4
2006-04-13 CVE-2006-1765 Cross-Site Scripting vulnerability in Jbook 1.3
Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
jbook
6.8
2006-04-13 CVE-2006-1764 Information Disclosure vulnerability in Hosting Controller
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials.
network
low complexity
hosting-controller
7.8
2006-04-13 CVE-2006-1763 Input Validation vulnerability in Blursoft Blur6Ex 0.3.462
Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allow remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php).
network
low complexity
blursoft
5.0
2006-04-13 CVE-2006-1762 Input Validation vulnerability in Blursoft Blur6Ex 0.3.462
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter.
network
low complexity
blursoft
7.5
2006-04-13 CVE-2006-1761 Input Validation vulnerability in Blursoft Blur6Ex 0.3.462
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message.
network
high complexity
blursoft
2.6
2006-04-13 CVE-2006-1760 Cross-Site Scripting vulnerability in Jetphotosoft.Com Jetphoto 1.0/2.0/2.1
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php.
4.3
2006-04-13 CVE-2006-1759 Cross-Site Scripting vulnerability in Swsoft Confixx 3.1.2
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.
network
high complexity
swsoft
2.6
2006-04-13 CVE-2006-1758 Input Validation vulnerability in Bill Shupp Vegadns 0.99
SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
network
low complexity
bill-shupp
7.5