CVE Reference Map for Source VIM

Source: VIM
Description: Vulnerability Information Managers mailing list
URL: http://www.attrition.org/pipermail/vim/
Notes:

This reference map lists the various references for VIM and provides the associated CVE entries or candidates. It uses data from CVE version 20061101 and candidates that were active as of 2014-08-26.

Note that the list of references may not be complete.

VIM:"X-POLL admin By-Pass" - standard PHP upload? CVE-2006-2281
VIM:20050516 Re: Woltlab Burning Board SQL Injection Vulnerability (fwd) CVE-2005-1642
VIM:20051029 Saphp Lesson CVE-2005-3363
VIM:20060105 Vendor ACK: 21370: CS-Cart index.php Multiple Variable SQL Injection (fwd) CVE-2005-4429
VIM:20060113 Verified TankLogger SQl inject by source inspection CVE-2006-0209
VIM:20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd) CVE-2006-0084
VIM:20060124 vendor ack/fix - OSVDB ID: 21716 (fwd) CVE-2005-4293
VIM:20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd) CVE-2006-0122
VIM:20060125 The parameter in e-moBLOG is "monthy" [sic] CVE-2006-0403
VIM:20060127 vendor confirms versions: iNETstore E Commerce Solution - Cross Site Scripting (fwd) CVE-2006-0116
VIM:20060130 My Little Homepage - source verify of different products CVE-2006-0471 CVE-2006-0472 CVE-2006-0473
VIM:20060203 vendor ack/fix: 22793: CRE Loaded files.php Unauthenticated Arbitrary File Upload (fwd) CVE-2006-0478
VIM:20060206 VERIFY Pluggedout Blog 1.9.9c exec.php SQL injection CVE-2006-0563
VIM:20060206 VERIFY Pluggedout Blog 1.9.9c problem.php XSS CVE-2006-0562
VIM:20060209 Vendor ACK for MyQuiz CVE-2006-0628
VIM:20060213 Verified: dot in Miniwebsvr 0.0.6 CVE-2007-0919
VIM:20060214 vendor ack/fix 22243: Modular Merchant Marketplace Shopping Cart category.php cat Variable XSS (fwd) CVE-2006-0109
VIM:20060215 EV0074 BirthSys 3.1 SQL injection (fwd) CVE-2006-0775
VIM:20060216 Recent HP advisories outline BIND problems CVE-2006-0527
VIM:20060220 vendor dispute for CVE-2006-0669 CVE-2006-0669
VIM:20060223 old Squid clientAbortBody issue - NOT an overflow? CVE-2004-2654
VIM:20060303 vendor ack/fix: Honeycomb Archive CategoryResults.cfm Multiple Variable SQL Injection (fwd) CVE-2005-4419
VIM:20060310 Re: vendor dispute: VCS CVE-2006-0897
VIM:20060310 vendor dispute: VCS CVE-2006-0897
VIM:20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion CVE-2006-1212
VIM:20060314 vendor dispute: VCS CVE-2006-1266
VIM:20060317 vendor ack/fix: Sitekit CMS CVE-2005-4491
VIM:20060318 Source VERIFY - Light Weight Calendar issue is eval injection CVE-2006-0206 CVE-2006-1252
VIM:20060318 Vendor ACK for Skull-Splitter Guestbook XSS CVE-2006-1256
VIM:20060322 Free Articles Directory - file inclusion, code execution? CVE-2006-1350
VIM:20060323 IBM changing significant details? CVE-2006-1246
VIM:20060324 XHP vendor ack/fix CVE-2006-1371
VIM:20060326 clarification of "VihorDesign" (not VihorDesing) issues CVE-2006-1496 CVE-2006-1497
VIM:20060327 Helm Control Panel followup CVE-2006-1407
VIM:20060327 clarification of "VihorDesign" (not VihorDesing) issues CVE-2006-1497
VIM:20060328 Conftool, not Canftool; appears to be distributable CVE-2006-1482
VIM:20060330 Recent unspecified Horde vuln is eval injection CVE-2006-1491
VIM:20060403 Vendor ACK for VWar issue - VWar used by PhpNuke Clan CVE-2006-1503
VIM:20060404 FleXiBle Development Script Remote Command Exucetion And XSS Attacking CVE-2006-1623
VIM:20060410 VEndor ACK: Simple Machines Forum Register.php X-Forwarded-For XSS CVE-2006-0896
VIM:20060411 ZixForum vendor ack/fix CVE-2005-4334
VIM:20060412 Multiple vulnerabilities in Blur6ex (fwd) CVE-2006-1761 CVE-2006-1762
VIM:20060414 Provable vendor ACK for gcards issues CVE-2006-1346 CVE-2006-1347 CVE-2006-1348
VIM:20060420 LinPHA provenance/acknowledgement CVE-2006-1923 CVE-2006-1924
VIM:20060423 rwAuction Pro vendor ack/fix CVE-2005-4060
VIM:20060425 Interesting Scry stuff CVE-2006-1995 CVE-2006-1996 CVE-2006-2001
VIM:20060427 Instant Photo Gallery <= Multiple XSS (fwd) CVE-2006-2079 CVE-2006-2080
VIM:20060512 Vendor dispute of CVE-2006-2184 CVE-2006-2184
VIM:20060517 Unclassified NewsBoard directory traversal variant CVE-2006-2406
VIM:20060519 Partial details on Invision Power Board (IPB) PHP execution issue CVE-2006-2498
VIM:20060519 Resolved PHPKB vendor dispute (CVE-2006-2184) CVE-2006-2184
VIM:20060523 Jemscripts DownloadControl 1.0 - at least 2 separate issues CVE-2006-2553
VIM:20060527 Helm Control Panel followup CVE-2005-4747
VIM:20060601 Interlink "news_information.php" XSS (fwd) CVE-2006-2765
VIM:20060605 # MHG Security Team ---Rumble 1.02 version Remote File Inc. CVE-2006-2872
VIM:20060606 CS-Cart: request for information (fwd) CVE-2006-2863
VIM:20060609 [VIM] Update Regarding CVE-2006-1921 (fwd) CVE-2006-1921
VIM:20060612 misinterpretation? (Re: Vice Stats 0.5b SQL injection) CVE-2006-2972 CVE-2006-2981
VIM:20060612 verified SQL injection in IntegraMOD 1.4.0 (source inspection) CVE-2006-2985
VIM:20060612 verify of LabWiki issue (source inspection) CVE-2006-2968
VIM:20060612 verify of ViArt Shop Free 2.5.5 issue (diff digging) CVE-2006-2979 CVE-2006-2980
VIM:20060615 Disputed vulnerability: Pixaria, PopPhoto (fwd) CVE-2006-2395
VIM:20060615 Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities CVE-2006-3041
VIM:20060615 WS-Album - "PublisedDate" is correct, source verify, new vector CVE-2006-3020
VIM:20060615 [SECUNIA] Re: 20612 typo? (fwd) CVE-2006-3049
VIM:20060615 source verify of Minerva (phpbb_root_path) issue CVE-2006-3028
VIM:20060617 phpjobboard Authecnical admin byPass (fwd) CVE-2006-7016
VIM:20060619 Re: Moodle issue - invalid vendor ack? and extra vulns CVE-2006-4785
VIM:20060620 BtitTracker SQL injection vuln. (and PHP mysql_query) CVE-2006-6972
VIM:20060622 Winamp security vagueness CVE-2006-3228
VIM:20060626 On SQL injection and PHP mysql_query... CVE-2006-6972
VIM:20060626 Openwebmail: 2 XSS vulns not one, and some version hints CVE-2006-3229 CVE-2006-3233
VIM:20060630 IMGallery - "galeria.php" not "galerie.php" CVE-2006-3163
VIM:20060630 Webmin traversal - changelog CVE-2006-3392
VIM:20060707 FortiGate issue - "EPSV" not "ESPV" CVE-2006-3222
VIM:20060711 Re: Webmin traversal - changelog CVE-2006-3392
VIM:20060720 vendor ack/fix: Actinic Catalog Unspecified .pl Files XSS (fwd) CVE-2002-1732
VIM:20060723 Igloo DoublSpeak vuln CVE-2006-3069
VIM:20060724 Vanilla CMS CVE-2006-3850
VIM:20060725 ListMessenger dispute CVE-2006-3692 CVE-2006-3692
VIM:20060725 Vanilla CMS CVE-2006-3850
VIM:20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd) CVE-2006-3312
VIM:20060811 SquirrelMail issue is dynamic variable evaluation CVE-2006-4019
VIM:20060814 Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability CVE-2006-4135
VIM:20060814 vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd) CVE-2005-4232
VIM:20060820 bad report for EstateAgent? CVE-2006-4322
VIM:20060821 CVE-2006-2490 (Mobotix) vendor ACK CVE-2006-2490
VIM:20060823 Vendor ACK - CVE-2006-3038 (fwd) CVE-2006-3038 CVE-2006-3039
VIM:20060823 source VERIFY of Shadows Rising RPG file include CVE-2006-4329
VIM:20060825 Source VERIFY of pSlash 0.7 file include CVE-2006-4373
VIM:20060828 Jupiter CMS file include - CVE dispute CVE-2006-4428
VIM:20060829 CuteNews 1.3.* Remote File Include Vulnerability CVE-2006-4445
VIM:20060829 Jetbox CMS file include - CVE dispute CVE-2006-4422
VIM:20060829 Sendmail vendor dispute - CVE-2006-4434 (fwd) CVE-2006-4434
VIM:20060830 22068: Speartek Search Module XSS (fwd) CVE-2005-4493
VIM:20060901 ModuleBased CMS file include - CVE dispute CVE-2006-4545
VIM:20060906 ZoneX 1.0.3 File Inclusion - CVE-2006-4036 CVE-2006-4036
VIM:20060908 Vendor ACK for CVE-2006-2117 (Thyme) CVE-2006-2117
VIM:20060912 Source VERIFY of MyABraCaDaWeb file inclusion CVE-2006-4719
VIM:20060919 Dispute - CVE-2006-4759 - PunBB CVE-2006-4759
VIM:20060919 Moodle issue - invalid vendor ack? and extra vulns CVE-2006-4785
VIM:20060925 PunBB - more CVE-2006-4759
VIM:20060926 Kietu 3.2 - Local file inclusion CVE-2006-5015
VIM:20060926 PHPSaTK remote file inclusion - CVE dispute CVE-2006-5067
VIM:20060926 PunBB - more CVE-2006-4759
VIM:20060926 vendor dispute: 21878: Polopoly Search Module XSS (fwd) CVE-2005-4481
VIM:20060927 MyPhotos includesdir file inclusion - CVE dispute CVE-2006-5095
VIM:20061002 yblog: distributable product CVE-2006-5146
VIM:20061003 Concerning CSRF in phpMyAdmin 2.9.0.1 (CVE-2006-5116) CVE-2006-5116
VIM:20061009 net2ftp: a web based FTP client :) <= Remote File Inclusion (fwd) CVE-2006-5097
VIM:20061010 phpWebSite 0.10.2 RFI - CVE dispute CVE-2006-5234
VIM:20061011 Source VERIFY of tagit2b delTagUser.php RFI CVE-2006-5249
VIM:20061017 Contenido RFI - CVE dispute CVE-2006-5380
VIM:20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability CVE-2006-3146 CVE-2006-5405
VIM:20061018 28547: Web Dictate Null Password Authentication Bypass (fwd) CVE-2006-4603
VIM:20061018 CVE-2006-5402, fishy? CVE-2006-5402
VIM:20061019 CVE-2006-5402, fishy? CVE-2006-5402
VIM:20061020 vendor ACK for old YPOPs! issue CVE-2004-1558
VIM:20061023 PHP file inclusions in PHP Developer Library 1.5.3 (some disputed) CVE-2006-5473
VIM:20061023 Source VERIFY - speedberg RFI CVE-2006-5485
VIM:20061024 CONFIRM: JaxUltraBB PHP/HTML/webscript injection CVE-2006-5511
VIM:20061024 PHP file inclusions in PHP Developer Library 1.5.3 (some disputed) CVE-2006-5473
VIM:20061024 Vendor ACK for LearnCenter XSS (CVE-2006-4540) CVE-2006-4540
VIM:20061025 CONFIRM: OTSCMS file inclusions - PHP5 __autoload CVE-2006-5546 CVE-2006-5547 CVE-2006-5548
VIM:20061026 Source VERIFY: PHP Generator of Object SQL Database RFI CVE-2006-5543
VIM:20061026 parameter name error in vuln DBs for EPNadmin CVE-2006-5555
VIM:20061031 Ig-shop change_pass.php XSS - 2 vectors CVE-2006-5631 CVE-2006-5632
VIM:20061031 Likely vendor fix for Faq Administrator 2.1b CVE-2006-5637
VIM:20061102 CVE dispute - phpMyConferences RFI CVE-2006-5678
VIM:20061102 Source VERIFY and patch for gepi RFI CVE-2006-5669
VIM:20061103 Zwahlen Online Shop CVE-2006-5512 CVE-2006-5534
VIM:20061106 DISPUTE: PHP file inclusion in Ariadne 2.4.1 CVE-2006-5776
VIM:20061106 RE: DISPUTE: PHP file inclusion in Ariadne 2.4.1 CVE-2006-5776
VIM:20061107 Minimizing error cascades in vulnerability information management CVE-2006-2431
VIM:20061108 MiniBill 2 RFI ack CVE-2006-4489
VIM:20061114 Source VERIFY - encapscms 0.3.6 RFI CVE-2006-5895
VIM:20061114 source verify of "Ban v0.1" SQL injection CVE-2006-5907
VIM:20061117 Fwd: My-BIC => 0.6.5 Remote File Include Vulnerability Exploit CVE-2006-6018
VIM:20061121 CVE dispute for Bloo RFI CVE-2006-6023
VIM:20061128 PMOS Help Desk/etc. SQL injection - source verify and more info CVE-2006-6158
VIM:20061128 [Aria-Security Team] iNews News Manager SQL Injection CVE-2006-6274
VIM:20061130 Wabbit directory traversal - uncertain impact; enomphp uncertainty CVE-2006-6185 CVE-2006-6186
VIM:20061130 source VERIFY - PEGames RFI CVE-2006-6213
VIM:20061201 Old PHP-Nuke/PostNuke SQL injection issues - clarification CVE-2006-6234
VIM:20061201 ltwCalendar = PHP Event Calendar, and vendor ACK CVE-2005-4011
VIM:20061204 snif RFI curiosity CVE-2006-6285
VIM:20061206 Source verify of mg.applanix RFI CVE-2006-6341
VIM:20061206 Vendor dispute: infinicart (CVE-2006-5957) CVE-2006-5957
VIM:20061206 awrate 1.0 search.php RFI - source verify, small wrinkle CVE-2006-6368
VIM:20061207 Vendor dispute - CVE-2006-5840 (abarcar Realty Portal) CVE-2006-5840
VIM:20061208 CVE dispute - phpAdsNew PHP file inclusion CVE-2006-6415
VIM:20061211 GraceNote CDDBControl (CVE-2006-3134) = CDDBAOLControl (CVE-2006-6442) CVE-2006-6442
VIM:20061214 mxBB Module mx_profilecp 0.91 Remote File Include Vulnerability CVE-2006-6566
VIM:20061215 Media .MID file DoS extra info CVE-2006-6601
VIM:20061217 Source VERIFY of Barman interface.php/basepath RFI CVE-2006-6611
VIM:20061217 Source VERIFY of phpmycms basic.inc.php/basepath_start RFI CVE-2006-6612
VIM:20061219 Possible HyperVM vendor dispute - but of severity or existence? CVE-2006-6649
VIM:20061219 abarcar vendor statement on CVE-2006-5840 CVE-2006-5840
VIM:20061220 Provable vendor ACK for Album Photo Sans Nom traversal issue CVE-2006-5320
VIM:20061222 Source verify of PowerClan RFI CVE-2006-6715
VIM:20061226 MINI WEB SHOP vuln report - incomplete researcher diagnosis CVE-2006-6734 CVE-2006-6735
VIM:20061226 Vendor ACK (basically) for Drake CMS RFI (CVE-2006-5767) CVE-2006-5767
VIM:20061226 Vendor dispute for Animated Smiley Generator RFI (CVE-2006-6541) CVE-2006-6541
VIM:20070103 Provable vendor ACK for CVE-2006-6810 (DB Hub DoS) CVE-2006-6810
VIM:20070104 CVE Dispute - PHPIrc_bot PHP file inclusion CVE-2006-6883
VIM:20070104 CVE dispute of Enigma WordPress RFI CVE-2006-6863
VIM:20070104 Source VERIFY of Enigma Coppermine Bridge RFI CVE-2006-6864
VIM:20070106 vendor ack: SolidState RFI CVE-2006-5020
VIM:20070108 Source verify - Coppermine Photo Gallery <= 1.4.10 code injection CVE-2007-0115
VIM:20070108 Source verify of Aratix RFI CVE-2007-0135
VIM:20070109 "ppc engine" is WGS-PPC CVE-2007-0167
VIM:20070110 Dispute of GeoBB RFI CVE-2007-0189
VIM:20070110 Vulnerable: sazcart v1.5 (cart.php) Remote File include CVE-2006-5727
VIM:20070110 [bogus] [ahmed_labib_hilmy at yahoo.com: CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability] (fwd) CVE-2007-0230
VIM:20070110 source verify - Axiom RFI CVE-2007-0200
VIM:20070112 Fwd: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability CVE-2007-0260
VIM:20070112 Source Verify of LunarPoll PollDir RFI CVE-2007-0298
VIM:20070112 [Bogus - partly] V TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (fwd) CVE-2007-0300
VIM:20070115 [Bogus] [ilkerkandemir at mynet.com: Trevorchan <= v0.7 Remote File Include Vulnerability] (fwd) CVE-2007-0863
VIM:20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection CVE-2007-0339 CVE-2007-0346 CVE-2007-0350
VIM:20070118 source verify: Uberghey CMS 0.3.1 RFI CVE-2007-0359
VIM:20070118 vendor ACK for MGB Guestbook issue CVE-2007-0354
VIM:20070122 a-forum xss - who? what? where? CVE-2007-0398
VIM:20070122 old OdysseusBlog XSS report - possibly incorrect CVE-2006-6951
VIM:20070129 [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion] (fwd) CVE-2007-0649
VIM:20070131 Partial source code verify - "RBL - ASP" scripts SQL injection CVE-2007-0642 CVE-2007-0784
VIM:20070131 VERIFY of RFI and XSS in OpenEMR 2.8.2 (was [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion]) CVE-2007-0649
VIM:20070201 Fwd: php web portail [remote file include & local file include] CVE-2007-0699 CVE-2007-0700
VIM:20070201 True: Somery 0.4.6 (skindir install.php) Remote file include CVE-2007-0704
VIM:20070201 true but: SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability CVE-2006-4733
VIM:20070201 true: Epistemon 1.0 <= Remote File Include Vulnerability CVE-2007-0701
VIM:20070201 true: WebBuilder <= 2.0 Remote File Include Vulnerability CVE-2007-0703
VIM:20070201 true: phpEventMan RFI Vuln. CVE-2007-0702
VIM:20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude]) CVE-2007-0700
VIM:20070202 phpBB++ Build 100 (phpbb_root_path) Remote File Include Exploit CVE-2007-0762
VIM:20070202 true: DreamStats V 4.2=(index.php)=>Remote File Include CVE-2007-0757
VIM:20070202 true: phpBB ezBoard converter 0.2 (ezconvert_dir) Remote File Include Exploit CVE-2007-0761
VIM:20070203 FLIP SQL injection clarification CVE-2007-0695
VIM:20070207 false: Agermenu 0.03 CVE-2007-0837
VIM:20070207 true: Agermenu 0.03 CVE-2007-0848
VIM:20070207 true: Categories hierarchy class_template.php RFI CVE-2007-0809
VIM:20070207 true: WebMatic 2.6 RFI CVE-2007-0839
VIM:20070207 true: agermenu CVE-2007-0837
VIM:20070207 true: months-old CentiPaid absolute_path RFI CVE-2006-6976
VIM:20070211 FreeRADIUS dispute of CVE-2007-0080 CVE-2007-0080
VIM:20070212 CVE dispute - old Somery team.php RFI CVE-2006-7006
VIM:20070213 true: AT Contenator <= v1.0 (Root_To_Script) Remote File Include Exploit CVE-2007-0983
VIM:20070213 true: [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb) CVE-2007-0929
VIM:20070214 false: old Develooping Flash Chat RFI CVE-2006-7011
VIM:20070214 false: old Jobline RFI CVE-2006-7015
VIM:20070215 [milw0rm] exploit 3305 CVE-2007-0873
VIM:20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability CVE-2007-1052
VIM:20070220 [True] Meganoide's news v1.1.1 < = RFi Vulnerabilities CVE-2007-1024
VIM:20070220 false: phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities CVE-2007-1053
VIM:20070221 [unsure] MediaWiki Cross-site Scripting CVE-2007-1054
VIM:20070222 Source verify and clarification of old bookmark4u SQL injection CVE-2006-7025
VIM:20070222 Verisign ConfigChk ActiveX Overflow(s) CVE-2007-1083
VIM:20070222 [TRUE] Call Center Software - Remote Xss Post Exploit - CVE-2007-1161
VIM:20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies CVE-2007-1166
VIM:20070222 [true] phpTrafficA-1.4.1 Local File Inclusion CVE-2007-1076
VIM:20070223 Verisign ConfigChk ActiveX Overflow(s) CVE-2007-1083
VIM:20070227 Verified: arabhost function.php RFI CVE-2007-1146
VIM:20070227 WebMplayer "eval injection" is actually OS command injection CVE-2007-1136
VIM:20070301 phpProfiles vendor ack CVE-2006-6740
VIM:20070303 Keyword Replacer plugin RFI seems to be fixed CVE-2006-7156
VIM:20070303 Novell BorderManager ISAKMP issue smells like a dupe CVE-2006-7155
VIM:20070307 Bogus - [c_r_ck at hotmail.com: Lazarus Guestbook (admin.php)Remote File Include Expliot] CVE-2007-1486
VIM:20070314 SQL injection (x2) in NukeSentinel CVE-2007-1172 CVE-2007-1493
VIM:20070314 [TRUE] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability CVE-2007-1657
VIM:20070314 [false] Remote File Include In Script PHP Photo Album CVE-2007-1456
VIM:20070315 [ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability CVE-2007-1472
VIM:20070319 Bogus - [CLBOX <= (signup.php header) Remote File Include Vulnerability] CVE-2007-1631
VIM:20070320 WebAPP Audit CVE-2007-1489
VIM:20070322 WebAPP Audit CVE-2007-1827 CVE-2007-1828 CVE-2007-1831 CVE-2007-1832
VIM:20070323 Helix Server LoadTestPassword Overflow CVE-2006-6026
VIM:20070323 Mambo Module uhp 0.3 (uhp_config.php) Remote File Inclusion Exploit CVE-2006-3995
VIM:20070323 Re: Mambo Module uhp 0.3 (uhp_config.php) Remote File Inclusion Exploit CVE-2006-3995
VIM:20070323 Root cause of NPDS SQL injection is variable extraction/evaluation CVE-2007-1634
VIM:20070324 Helix Server LoadTestPassword Overflow CVE-2006-6026
VIM:20070324 Vendor ACK for FTPx DoS (CVE-2007-1082) CVE-2007-1082
VIM:20070326 Confirm - Mambo 4.5.1 Modules Flatmenu <= 1.07 Remote File Include Exploit CVE-2007-1702
VIM:20070327 "File Upload" seems to be "Free File Hosting" CVE-2006-5762 CVE-2006-5763 CVE-2006-5764
VIM:20070329 iPhotoAlbum v1.1(header.php)Remote File Include Vulnerability CVE-2005-2246
VIM:20070402 [true] BT-Sondage-v112 RFI CVE-2007-1812
VIM:20070402 [true] CWB pro 1.5 INCLUDE_PATH RFI CVE-2007-1809
VIM:20070403 Bogus - [Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit] CVE-2007-1976
VIM:20070403 [false] Remote File Include In Script stat12 CVE-2007-1967
VIM:20070405 true: XOOPS Module Jobs <= 2.4 (cid) SQL Injection Exploit CVE-2007-2370
VIM:20070406 false: phpContact Multiple Remote File Inclusion Vulnerabilities CVE-2007-1924
VIM:20070410 True: MyBlog games.php RFI CVE-2007-1968
VIM:20070410 false: phpGalleryScript 1.0 - File Inclusion Vulnerabilities CVE-2007-2019
VIM:20070411 Confirm: Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities CVE-2007-2005
VIM:20070411 Cyboards PHP RFI: true for 1.21, fixed in at least 1.25 CVE-2007-1983
VIM:20070411 Rediscovery: Flexphpnews news.php/newsid SQL injection CVE-2005-1237
VIM:20070411 WF-Sections SQL injection vendor ack; shows up in other modules CVE-2007-1974
VIM:20070411 [false] Remote File Include In Script stat12 CVE-2007-1967
VIM:20070411 true: Request It : Song Request System 1.0b RFI CVE-2007-2015
VIM:20070412 dispute: older CyBoards common.php RFI (CVE-2006-2871) CVE-2006-2871
VIM:20070412 probably false: xodagallery execution claim CVE-2007-2020
VIM:20070412 true: SimpCMS Light RFI CVE-2007-2009
VIM:20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke CVE-2006-4142 CVE-2007-2312
VIM:20070413 Dup: TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns CVE-2007-2317
VIM:20070414 false: Maian Search v1.1 CVE-2007-2077
VIM:20070414 true until installed: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities CVE-2006-4849 CVE-2007-2084
VIM:20070415 false: Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities CVE-2007-2097
VIM:20070415 false: Maian Gallery v1.0 CVE-2007-2076
VIM:20070415 false: Maian Weblog v3.1 CVE-2007-2078
VIM:20070415 false: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy CVE-2007-2311
VIM:20070415 false: phpMyChat-0.14.5 CVE-2007-2477
VIM:20070416 false: phpMyChat-0.14.5 CVE-2007-2477
VIM:20070417 Bugtraq 23534 CVE-2007-2679
VIM:20070417 False: Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln. CVE-2007-2196
VIM:20070417 Not Quite: Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit CVE-2007-2072 CVE-2007-2073
VIM:20070418 [uncertain] (mostly) phpFaber TopSitespath traversal CVE-2007-2155
VIM:20070422 false: turbolence core 0.0.1 alpha Remote File Inclusion CVE-2007-2503 CVE-2007-2504
VIM:20070422 vendor ack/clarification for CVE-2007-1888 (SQLite) CVE-2007-1888
VIM:20070425 [false but true] "Allfaclassfieds" RFI no; PHP Classifieds yes CVE-2007-2254
VIM:20070425 [true] Quick and Dirty Blog RFI CVE-2007-2304
VIM:20070426 False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure CVE-2007-2285
VIM:20070426 Re: False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure CVE-2007-2285
VIM:20070426 re: False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure CVE-2007-2285
VIM:20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK CVE-2007-1643 CVE-2007-2205
VIM:20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure? CVE-2007-2353
VIM:20070427 FALSE -> 2bgal RFI CVE-2007-1852
VIM:20070427 FALSE -> PHP Point of Sale (osCommerce) LFI CVE-2007-1477
VIM:20070427 What the *#$(! -- b2evolution RFI [False] CVE-2007-2358
VIM:20070429 false: Seir Anphin (file.php a[filepath]) Remote File Disclosure Vulnerability CVE-2007-2412
VIM:20070501 TCExam - 'XSS' is dynamic variable evaluation; vendor patch CVE-2007-2431
VIM:20070501 TCExam code injection: why does this work? (and vendor ACK) CVE-2007-2430
VIM:20070502 true: firefly RFI, both doc_root and DOCUMENT_ROOT CVE-2007-2456 CVE-2007-2460
VIM:20070503 True: Flip-search-add-on everything.php incpath RFI CVE-2007-2140
VIM:20070503 true: 1024 CMS LFI: fun protection scheme failure CVE-2007-2507
VIM:20070507 Mostly True: phpChess Community Edition 2.0 RFI CVE-2007-2677
VIM:20070507 TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS) CVE-2007-2676
VIM:20070508 FALSE -> DynamicPAD HomeDir RFI CVE-2007-2527
VIM:20070508 Reneged: RE: FALSE -> DynamicPAD HomeDir RFI CVE-2007-2527
VIM:20070508 false: phpHoo3 Login SQL injection CVE-2007-2534
VIM:20070509 21371: GhostScripter Amazon Shop search.php query Variable XSS (fwd) CVE-2005-3908
VIM:20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552) CVE-2007-2552
VIM:20070509 probably false: pfa RFI CVE-2007-2558
VIM:20070509 true: ACGV Annu (rubrik) LFI CVE-2007-2560
VIM:20070509 true: Wikivi5 RFI CVE-2007-2570
VIM:20070511 probably false: SchoolBoard (admin.php) SQL injection CVE-2007-2626
VIM:20070513 OMG VIM VULN CVE-2007-2438
VIM:20070513 true: R2K Gallery LFI CVE-2007-2642
VIM:20070514 shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI CVE-2007-2199 CVE-2007-2660
VIM:20070516 CVE-2007-1375 additional vector? CVE-2007-2748
VIM:20070522 true (with errors): ol'bookmarks RFI CVE-2007-2816
VIM:20070524 probably true: SimpGB RFI, likely dynamic variable evaluation CVE-2007-2859
VIM:20070530 true: Vistered Little 1.6a directory traversal CVE-2007-2934
VIM:20070531 wrong but true: "webCMS" database disclosure is actually for wabCMS CVE-2007-2944
VIM:20070601 true: AdminBot-MX RFI CVE-2007-2986
VIM:20070602 [VIM] True: XOOPS Module icontent v.1.0 Remote File Inclusion Exploit (Milw0rm 4022) CVE-2007-3057
VIM:20070614 Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability CVE-2007-3228
VIM:20070614 true: XOOPS Modules Horoscope RFI CVE-2007-3236
VIM:20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit CVE-2007-0134
VIM:20070620 bit amusing (Contact Form 2.00.02) CVE-2007-3352
VIM:20070626 vendor ACK for phpTrafficA issues CVE-2007-3425 CVE-2007-3426 CVE-2007-3427
VIM:20070627 Web-APP.org feedback on CVE-2007-3242 CVE-2007-3242
VIM:20070628 Regarding Web-APP.org WebAPP CVE Entry Details CVE-2007-3416
VIM:20070628 Vendor ACK for CVE-2007-3431 (Dagger web engine) CVE-2007-3431
VIM:20070703 Sun JDK Confusion CVE-2007-2788 CVE-2007-2789
VIM:20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd) CVE-2007-2788 CVE-2007-2789
VIM:20070710 AVTutorial 1.0 changePW.php vulnerabilities CVE-2007-3630 CVE-2007-3691
VIM:20070710 SquirrelMail GPG Plugin Vulnerabilities CVE-2007-3634 CVE-2007-3635 CVE-2007-3636 CVE-2007-3778 CVE-2007-3779
VIM:20070710 Vendor ACK: CVE-2007-2017 (AlstraSoft useredit.php auth bypass) CVE-2007-2017
VIM:20070710 Vendor dispute - Google Custom Search Engine XSS (CVE-2007-3484) CVE-2007-3484
VIM:20070711 Sun JDK Confusion CVE-2007-2788 CVE-2007-2789
VIM:20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln CVE-2005-1924 CVE-2007-3778
VIM:20070718 Confirm: Joomla Component Expose <= RC35 Remote File Upload Vulnerability CVE-2007-3932
VIM:20070718 Vendor ACK for CVE-2007-3677 (eVisit Analyst) CVE-2007-3677
VIM:20070724 zoo - amavis - barracuda cross-ref problems CVE-2007-1669
VIM:20070730 Adult Directory - site-specific? CVE-2007-4056
VIM:20070730 Remote File Inclusion: it's not just for PHP anymore CVE-2007-4067
VIM:20070731 WTF: BellaBiblio Admin Login Bypass CVE-2007-4230
VIM:20070731 WTF: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability CVE-2007-4127
VIM:20070731 WTF: phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability CVE-2007-4117
VIM:20070731 true: Madoa RFI CVE-2007-4101
VIM:20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure CVE-2007-4180 CVE-2007-4181
VIM:20070809 true with clarification: fishcart RFI CVE-2007-4287
VIM:20070809 vendor ACK - Advanced Searchbar - CVE-2007-4250 CVE-2007-4250
VIM:20070814 uncertain: FCMS (Family Connections) code execution CVE-2007-4338
VIM:20070818 Recent DB2 Vulnerabilities CVE-2007-1086 CVE-2007-1087 CVE-2007-1088 CVE-2007-1089 CVE-2007-4270 CVE-2007-4271 CVE-2007-4272 CVE-2007-4273 CVE-2007-4275 CVE-2007-4276 CVE-2007-4417 CVE-2007-4418 CVE-2007-4423
VIM:20070823 ACK for CVE-2007-3056 (WebSVN) CVE-2007-3056
VIM:20070823 vendor ACK for CVE-2007-4338 (Familr Connections) CVE-2007-4338
VIM:20070823 vim editor duplicates / clarifications CVE-2007-2438 CVE-2007-2953
VIM:20070824 uh-oh: local file inclusion from insecure permissions CVE-2007-4536
VIM:20070911 true: fuzzylime (cms) path traversal CVE-2007-4805
VIM:20070918 true: Focus/SIS RFI's (both vectors) CVE-2007-4806 CVE-2007-4942
VIM:20070924 CMS Made Simple eval injection is really an ADOdb Lite problem CVE-2007-5056
VIM:20070926 true: sk.log 0.5.3 RFI CVE-2007-5089
VIM:20070928 CVE-2007-5125 - dupe CVE-2007-1171
VIM:20071001 Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability CVE-2007-5186
VIM:20071001 Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability CVE-2007-5178
VIM:20071006 smells false: phpFreeLog RFI CVE-2007-5258
VIM:20071009 Joomla Flash Image Gallery Component RFI Vulnerability CVE-2007-5309
VIM:20071011 false: Joomla! swMenuFree 4.6 Component Remote File Include CVE-2007-5389
VIM:20071012 clarification on multiple Tk overflow issues CVE-2007-5137 CVE-2007-5378
VIM:20071016 true: WebMod 0.48 XSS CVE-2007-5477
VIM:20071018 true: Galmeta Post 0.11 RFI CVE-2007-5567
VIM:20071030 Clarification on old QEMU/NE2000/Xen issues CVE-2007-1321 CVE-2007-5729 CVE-2007-5730
VIM:20071030 RealPlayer Updates of October 25, 2007 CVE-2007-2263 CVE-2007-2264 CVE-2007-3410 CVE-2007-4599 CVE-2007-5080 CVE-2007-5081
VIM:20071031 phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability CVE-2007-5811
VIM:20071203 CVE-2007-4158 == CVE-2007-5553? CVE-2007-4158
VIM:20071203 tellmatic 1.0.7 Multiple Remote File Inclusion Vulnerabilities CVE-2007-6231
VIM:20071218 Sun JDK Confusion Revisited CVE-2007-2788 CVE-2007-2789
VIM:20080104 true: AGENCY4NET WEBFTP directory traversal; deletion possible CVE-2008-0091
VIM:20080107 Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability CVE-2008-0140
VIM:20080108 Vendor ACK for CVE-2007-6551 (MailMachine Pro SQL injection) CVE-2007-6551
VIM:20080115 vuldb confusion between OpenPegasus issues CVE-2007-5360 CVE-2008-0003
VIM:20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit CVE-2008-0782
VIM:20080129 Seagull 0.6.3 Remote File Disclosure Vulnerability fixed CVE-2008-0465
VIM:20080131 [Fwd: contactforms "cforms-css.php" Remote File Inclusion] CVE-2008-0560
VIM:20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability CVE-2008-0746
VIM:20080305 false: 123 Flash Chat RFI CVE-2008-1171
VIM:20080514 PHP File Upload Vulnerability with extra Extension CVE-2008-2267
VIM:20080522 Who's Right CVE-2008-2240
VIM:20080618 coffee maker hacks - yes or no? CVE-2008-7173
VIM:20080711 Zen Cart 1.3.8 Multiple Local File Inclusion Vulnerabilities CVE-2008-6877 CVE-2008-6878
VIM:20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC CVE-2008-3257
VIM:20080819 CyBoards PHP uncertainties (RFI/path traversal) CVE-2008-3707 CVE-2008-3709 CVE-2008-3710
VIM:20081002 Fwd: Internet Information Service remote set password CVE-2008-4301
VIM:20081007 root cause for Crux Gallery cookie-handling issue? CVE-2008-4484
VIM:20081106 Vendor dispute / researcher retraction: Agavi (CVE-2008-4920) CVE-2008-4920
VIM:20090120 CVE-2009-0125 (fwd) CVE-2009-0125
VIM:20090130 SOBI2 showbiz SQL injection - false, or site-specific CVE-2009-0380
VIM:20090220 CVE-2008-6157 / Milw0rm 7613 CVE-2008-6157
VIM:20090224 possibly false: CVE-2009-0671 (IMAP c-client format string) CVE-2009-0671
VIM:20090317 false? CVE-2008-6049 / TinyMCE SQL injection CVE-2008-6049
VIM:20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities CVE-2006-4605 CVE-2006-4606 CVE-2006-4607 CVE-2006-4608
VIM:20090611 Why are SE38042 and SE38043 APARs related to security? CVE-2009-2030
VIM:20090616 IIS WebDav Vulnerability CVE ID CVE-2009-1122 CVE-2009-1535
VIM:20090626 false? AN Guestbook LFI CVE-2009-2224
VIM:20090825 @1 File Store PRO SQL injection - the old gray dupe CVE-2006-1278
VIM:20090918 Patch for BigAnt Server Vulnerabilities CVE-2009-4660
VIM:20091028 vendor clarification for CVE-2006-6404 (Innovation DoS) CVE-2006-6404
VIM:20100423 IBM 'REPEAT' BoF advisory - APAR IC65922 CVE-2010-1560
VIM:20100625 some discrepancies: Linker IMG <=1.0 RFI CVE-2010-2456
VIM:20100727 CVE number confusion in HP OV NNM products CVE-2010-2703 CVE-2010-2704
VIM:20100922 MOAUB #15 - PHP MicroCMS 1.0.1 CVE-2010-3481
VIM:20120531 CVE-2012-2951 - believe this is a dupe CVE-2007-6587 CVE-2012-2951
VIM:20130523 [Secunia] ERADAS ER Viewer Stack Based Overflow CVE-2013-3482 CVE-2013-3483
VIM:20130624 CVE-2013-4635 SndToJewish / SdnToJewish function name CVE-2013-4635
VIM:20140129 CVE-2013-6810 / EMC / HP issue is actually Brocade CVE-2013-6810
VIM:20140719 OctavoCMS (CVE-2014-4331) is not always site-specific CVE-2014-4331
VIM:Advanced Poll v2.02 :) <= Remote File Inclusion CVE-2003-1178
VIM:Vendor ACK for CVE-2006-1243 (older Simple PHP Blog) CVE-2006-1243
 
Page Last Updated: August 26, 2014