CVE List - 2006 / October
Showing 401 - 500 of 551 CVEs for October 2006 (Page 5 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-5478 | 2006-10-24 | Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via... |
| CVE-2006-5480 | 2006-10-24 | PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter. |
| CVE-2006-5481 | 2006-10-24 | Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php,... |
| CVE-2006-5479 | 2006-10-24 | The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." |
| CVE-2006-5483 | 2006-10-24 | p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. |
| CVE-2006-5484 | 2006-10-24 | SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows... |
| CVE-2006-5485 | 2006-10-24 | Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3)... |
| CVE-2006-5486 | 2006-10-24 | Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. |
| CVE-2006-5482 | 2006-10-24 | ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR,... |
| CVE-2006-5488 | 2006-10-25 | SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance... |
| CVE-2006-5489 | 2006-10-25 | Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application... |
| CVE-2006-5490 | 2006-10-25 | Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-5491 | 2006-10-25 | Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. |
| CVE-2006-5492 | 2006-10-25 | Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." |
| CVE-2006-5493 | 2006-10-25 | PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2006-5494 | 2006-10-25 | Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or... |
| CVE-2006-5495 | 2006-10-25 | Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to... |
| CVE-2006-5496 | 2006-10-25 | Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3)... |
| CVE-2006-5497 | 2006-10-25 | PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-5498 | 2006-10-25 | Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. |
| CVE-2006-5499 | 2006-10-25 | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. |
| CVE-2006-5500 | 2006-10-25 | Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1)... |
| CVE-2006-5501 | 2006-10-25 | Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability... |
| CVE-2006-5502 | 2006-10-25 | Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different... |
| CVE-2006-5503 | 2006-10-25 | Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2006-5504 | 2006-10-25 | Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action... |
| CVE-2006-5505 | 2006-10-25 | Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other... |
| CVE-2006-5506 | 2006-10-25 | Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php,... |
| CVE-2006-5507 | 2006-10-25 | Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2)... |
| CVE-2006-5508 | 2006-10-25 | Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. |
| CVE-2006-5509 | 2006-10-25 | Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that... |
| CVE-2006-5510 | 2006-10-25 | Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif... |
| CVE-2006-5511 | 2006-10-25 | Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter,... |
| CVE-2006-5512 | 2006-10-25 | Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| CVE-2006-5382 | 2006-10-25 | 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted... |
| CVE-2006-5513 | 2006-10-26 | SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. |
| CVE-2006-5514 | 2006-10-26 | SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. |
| CVE-2006-5515 | 2006-10-26 | Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that... |
| CVE-2006-5516 | 2006-10-26 | Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to... |
| CVE-2006-5517 | 2006-10-26 | Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to... |
| CVE-2006-5518 | 2006-10-26 | Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php,... |
| CVE-2006-5519 | 2006-10-26 | PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path... |
| CVE-2006-5520 | 2006-10-26 | PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter. |
| CVE-2006-5521 | 2006-10-26 | PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. |
| CVE-2006-5522 | 2006-10-26 | Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1)... |
| CVE-2006-5523 | 2006-10-26 | PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter. |
| CVE-2006-5524 | 2006-10-26 | Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. |
| CVE-2006-5525 | 2006-10-26 | Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not... |
| CVE-2006-5526 | 2006-10-26 | Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a... |
| CVE-2006-5527 | 2006-10-26 | PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter. |
| CVE-2006-5530 | 2006-10-26 | Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified... |
| CVE-2006-5531 | 2006-10-26 | PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter. |
| CVE-2006-5532 | 2006-10-26 | Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details... |
| CVE-2006-5533 | 2006-10-26 | Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath... |
| CVE-2006-5534 | 2006-10-26 | Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat,... |
| CVE-2006-5535 | 2006-10-26 | Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and... |
| CVE-2006-5536 | 2006-10-26 | Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. |
| CVE-2006-5537 | 2006-10-26 | Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. |
| CVE-2006-5538 | 2006-10-26 | D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. |
| CVE-2006-5539 | 2006-10-26 | PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter. |
| CVE-2006-5540 | 2006-10-26 | backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly... |
| CVE-2006-5541 | 2006-10-26 | backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an... |
| CVE-2006-5542 | 2006-10-26 | backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and... |
| CVE-2006-5543 | 2006-10-26 | PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL... |
| CVE-2006-5544 | 2006-10-26 | Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which... |
| CVE-2006-5545 | 2006-10-26 | Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam... |
| CVE-2006-5546 | 2006-10-26 | PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in... |
| CVE-2006-5547 | 2006-10-26 | PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in... |
| CVE-2006-5548 | 2006-10-26 | PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in... |
| CVE-2006-5549 | 2006-10-26 | PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by... |
| CVE-2006-5551 | 2006-10-26 | Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command. |
| CVE-2006-5552 | 2006-10-26 | Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a... |
| CVE-2006-5553 | 2006-10-26 | Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a... |
| CVE-2006-5554 | 2006-10-26 | Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by... |
| CVE-2006-5555 | 2006-10-26 | PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter. |
| CVE-2006-5528 | 2006-10-26 | Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some... |
| CVE-2006-5529 | 2006-10-26 | Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the... |
| CVE-2006-5550 | 2006-10-26 | The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. |
| CVE-2006-5556 | 2006-10-27 | Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ... |
| CVE-2006-5557 | 2006-10-27 | Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument.... |
| CVE-2006-5558 | 2006-10-27 | Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE:... |
| CVE-2006-5559 | 2006-10-27 | The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1... |
| CVE-2006-5560 | 2006-10-27 | Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors... |
| CVE-2006-5561 | 2006-10-27 | SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. |
| CVE-2006-5562 | 2006-10-27 | PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter. |
| CVE-2006-5563 | 2006-10-27 | Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a... |
| CVE-2006-5564 | 2006-10-27 | Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information... |
| CVE-2006-5565 | 2006-10-27 | CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func... |
| CVE-2006-5566 | 2006-10-27 | CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news,... |
| CVE-2006-5567 | 2006-10-27 | Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or... |
| CVE-2006-5568 | 2006-10-27 | FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command. |
| CVE-2006-5570 | 2006-10-27 | Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter. |
| CVE-2006-5571 | 2006-10-27 | Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter. |
| CVE-2006-5569 | 2006-10-27 | FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown;... |
| CVE-2006-5467 | 2006-10-27 | The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body... |
| CVE-2006-5587 | 2006-10-27 | Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php... |
| CVE-2006-5588 | 2006-10-27 | Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL... |
| CVE-2006-5589 | 2006-10-27 | Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm. |
| CVE-2006-5590 | 2006-10-27 | PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2006-5591 | 2006-10-27 | Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. |