|
278101
|
- |
|
virtual_hosting_control_system
|
virtual_hosting_control_system
|
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthoriz…
|
NVD-CWE-Other
|
CVE-2006-0684
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278102
|
- |
|
virtual_hosting_control_system
|
virtual_hosting_control_system
|
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
|
NVD-CWE-Other
|
CVE-2006-0685
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278103
|
- |
|
virtual_hosting_control_system
|
virtual_hosting_control_system
|
add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized acce…
|
NVD-CWE-Other
|
CVE-2006-0686
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278104
|
- |
|
docmgr
|
docmgr
|
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a…
|
NVD-CWE-Other
|
CVE-2006-0687
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278105
|
- |
|
nicecoder
|
indexu
|
PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
|
NVD-CWE-Other
|
CVE-2006-0688
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278106
|
- |
|
scheduling_management.com
|
time_tracking_software
|
Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
|
NVD-CWE-Other
|
CVE-2006-0689
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278107
|
- |
|
scheduling_management.com
|
time_tracking_software
|
Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2006-0690
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278108
|
- |
|
scheduling_management.com
|
time_tracking_software
|
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.
|
NVD-CWE-Other
|
CVE-2006-0691
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278109
|
- |
|
carey_briggs
|
php_mysql_timesheet
|
Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters …
|
CWE-89
SQL Injection
|
CVE-2006-0692
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278110
|
- |
|
carey_briggs
|
php_mysql_timesheet
|
The vendor has supplied a patch which is available at:
http://www.hotscripts.com/Detailed/51138.html
|
CWE-89
SQL Injection
|
CVE-2006-0692
|
2018-10-20 00:45 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
