| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-6883 |
|
|
Exec Code File Inclusion |
2006-12-31 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used. |
|
2 |
CVE-2006-6867 |
|
|
Exec Code File Inclusion |
2006-12-31 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. |
|
3 |
CVE-2006-6864 |
|
|
Exec Code File Inclusion |
2006-12-31 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. |
|
4 |
CVE-2006-6863 |
|
|
Exec Code File Inclusion |
2006-12-31 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value. |
|
5 |
CVE-2006-6850 |
|
|
Exec Code File Inclusion |
2006-12-31 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. |
|
6 |
CVE-2006-6843 |
|
|
Exec Code File Inclusion |
2006-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
7 |
CVE-2006-6830 |
|
|
Exec Code File Inclusion |
2006-12-31 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. |
|
8 |
CVE-2006-6823 |
|
|
Exec Code File Inclusion |
2006-12-29 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
|
9 |
CVE-2006-6812 |
|
|
Exec Code File Inclusion |
2006-12-29 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. |
|
10 |
CVE-2006-6809 |
|
|
Exec Code File Inclusion |
2006-12-29 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter. |
|
11 |
CVE-2006-6801 |
|
|
Exec Code File Inclusion |
2006-12-28 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter. |
|
12 |
CVE-2006-6800 |
|
|
Exec Code File Inclusion |
2006-12-28 |
2018-10-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. |
|
13 |
CVE-2006-6796 |
|
|
Exec Code File Inclusion |
2006-12-28 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter. |
|
14 |
CVE-2006-6795 |
|
|
Exec Code File Inclusion |
2006-12-28 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. |
|
15 |
CVE-2006-6793 |
|
|
Exec Code File Inclusion |
2006-12-28 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
|
16 |
CVE-2006-6789 |
|
|
Exec Code File Inclusion |
2006-12-28 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
|
17 |
CVE-2006-6788 |
|
|
Exec Code File Inclusion |
2006-12-28 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php. |
|
18 |
CVE-2006-6774 |
|
|
Exec Code File Inclusion |
2006-12-27 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information. |
|
19 |
CVE-2006-6771 |
|
|
Exec Code File Inclusion |
2006-12-27 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/. |
|
20 |
CVE-2006-6770 |
|
|
Exec Code File Inclusion |
2006-12-27 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. |
|
21 |
CVE-2006-6765 |
|
|
Exec Code File Inclusion |
2006-12-27 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter. |
|
22 |
CVE-2006-6764 |
|
|
Exec Code File Inclusion |
2006-12-27 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter. |
|
23 |
CVE-2006-6763 |
|
|
Exec Code File Inclusion |
2006-12-27 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php. |
|
24 |
CVE-2006-6760 |
94 |
|
Exec Code File Inclusion |
2006-12-27 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter. |
|
25 |
CVE-2006-6748 |
94 |
|
Exec Code File Inclusion |
2006-12-27 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
26 |
CVE-2006-6740 |
94 |
|
Exec Code File Inclusion |
2006-12-26 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
27 |
CVE-2006-6739 |
94 |
|
Exec Code File Inclusion |
2006-12-26 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689. |
|
28 |
CVE-2006-6738 |
94 |
|
Exec Code File Inclusion |
2006-12-26 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
|
29 |
CVE-2006-6732 |
94 |
|
Exec Code File Inclusion |
2006-12-26 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter. |
|
30 |
CVE-2006-6727 |
94 |
|
Exec Code File Inclusion |
2006-12-26 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. |
|
31 |
CVE-2006-6726 |
94 |
|
Exec Code File Inclusion |
2006-12-26 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter. |
|
32 |
CVE-2006-6720 |
94 |
|
Exec Code File Inclusion |
2006-12-23 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter. |
|
33 |
CVE-2006-6715 |
|
|
Exec Code File Inclusion |
2006-12-23 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter. |
|
34 |
CVE-2006-6711 |
|
|
Exec Code File Inclusion |
2006-12-23 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. |
|
35 |
CVE-2006-6710 |
94 |
|
Exec Code File Inclusion |
2006-12-23 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php. |
|
36 |
CVE-2006-6691 |
|
|
Exec Code File Inclusion |
2006-12-21 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php. |
|
37 |
CVE-2006-6689 |
94 |
|
Exec Code File Inclusion |
2006-12-21 |
2011-09-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
38 |
CVE-2006-6686 |
|
|
Exec Code File Inclusion |
2006-12-21 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. |
|
39 |
CVE-2006-6666 |
|
|
Exec Code File Inclusion |
2006-12-20 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter. |
|
40 |
CVE-2006-6650 |
|
|
Exec Code File Inclusion |
2006-12-20 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
|
41 |
CVE-2006-6648 |
|
|
Exec Code File Inclusion |
2006-12-20 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter. |
|
42 |
CVE-2006-6645 |
|
|
Exec Code File Inclusion |
2006-12-20 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
|
43 |
CVE-2006-6644 |
|
|
Exec Code File Inclusion |
2006-12-20 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
|
44 |
CVE-2006-6635 |
|
|
Exec Code File Inclusion |
2006-12-18 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. |
|
45 |
CVE-2006-6634 |
|
|
Exec Code File Inclusion |
2006-12-18 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. |
|
46 |
CVE-2006-6633 |
|
|
Exec Code File Inclusion |
2006-12-18 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter. |
|
47 |
CVE-2006-6632 |
|
|
Exec Code File Inclusion |
2006-12-18 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. |
|
48 |
CVE-2006-6631 |
|
|
Exec Code File Inclusion |
2006-12-18 |
2017-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. |
|
49 |
CVE-2006-6630 |
|
|
Exec Code File Inclusion |
2006-12-18 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. |
|
50 |
CVE-2006-6615 |
|
|
Exec Code File Inclusion |
2006-12-18 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
