CyberSecurityBoard
Sponsor Register Login

CVE-2006-5193

PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.

Publication date: Tue, 10 Oct 2006 09:06:00 +0000


Cyber News related to CVE-2006-5193

CVE-2006-5193 - PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter. ...
6 years ago
CVE-2015-5193 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and ...
55 years ago Tenable.com
CVE-2011-5193 - Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain ...
12 years ago
CVE-2014-5193 - Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082. ...
9 years ago
CVE-2011-5194 - Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability ...
7 years ago
CVE-2008-5193 - Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024. ...
7 years ago
CVE-2007-5193 - The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive ...
16 years ago
CVE-2013-5193 - The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID ...
11 years ago
CVE-2010-5193 - Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit ...
7 years ago
CVE-2016-5193 - Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. ...
7 years ago
CVE-2017-5193 - The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. ...
5 years ago
CVE-2012-5193 - Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to ...
5 years ago
CVE-2020-5193 - PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter. ...
4 years ago
CVE-2023-5193 - Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. ...
1 year ago
CVE-2024-5193 - A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic. Affected is an unknown function of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to ...
7 months ago
CVE-2017-16602 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication ...
5 years ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com
CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
55 years ago Tenable.com
CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
1 year ago
CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-5424 - Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than ...
7 years ago
CVE-2006-6653 - The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which ...
13 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)