|
280581
|
- |
|
bitberry_software
|
bitzipper
|
Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in …
|
NVD-CWE-Other
|
CVE-2006-2520
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280582
|
- |
|
power_place
|
php_easy_galerie
|
PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
|
NVD-CWE-Other
|
CVE-2006-2526
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280583
|
- |
|
smartisoft
|
phpbazar
|
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter t…
|
NVD-CWE-Other
|
CVE-2006-2527
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280584
|
- |
|
snitz_communications
|
avatar_mod
|
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-2530
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280585
|
- |
|
ipswitch
|
whatsup
|
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Ag…
|
NVD-CWE-Other
|
CVE-2006-2531
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280586
|
- |
|
greg_donald
|
destiney_rated_images_script
|
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was …
|
NVD-CWE-Other
|
CVE-2006-2532
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280587
|
- |
|
greg_donald
|
destiney_rated_images_script
|
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote at…
|
NVD-CWE-Other
|
CVE-2006-2533
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280588
|
- |
|
greg_donald
|
destiney_links_script
|
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes…
|
NVD-CWE-Other
|
CVE-2006-2534
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280589
|
- |
|
greg_donald
|
destiney_links_script
|
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting…
|
CWE-200
Information Exposure
|
CVE-2006-2535
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280590
|
- |
|
greg_donald
|
destiney_links_script
|
Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add …
|
NVD-CWE-Other
|
CVE-2006-2536
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
