CVE Reference Map for Source VIM
| Source | VIM |
| Description | Vulnerability Information Managers mailing list |
| URL | http://www.attrition.org/pipermail/vim/ |
| Notes |
This reference map lists the various references for VIM and provides the associated CVE entries or candidates. It uses data from CVE version 20061101 and candidates that were active as of 2024-03-26.
Note that the list of references may not be complete.
| VIM:"X-POLL admin By-Pass" - standard PHP upload? | CVE-2006-2281 |
| VIM:20050516 Re: Woltlab Burning Board SQL Injection Vulnerability (fwd) | CVE-2005-1642 |
| VIM:20051029 Saphp Lesson | CVE-2005-3363 |
| VIM:20060105 Vendor ACK: 21370: CS-Cart index.php Multiple Variable SQL Injection (fwd) | CVE-2005-4429 |
| VIM:20060113 Verified TankLogger SQl inject by source inspection | CVE-2006-0209 |
| VIM:20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd) | CVE-2006-0084 |
| VIM:20060124 vendor ack/fix - OSVDB ID: 21716 (fwd) | CVE-2005-4293 |
| VIM:20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd) | CVE-2006-0122 |
| VIM:20060125 The parameter in e-moBLOG is "monthy" [sic] | CVE-2006-0403 |
| VIM:20060127 vendor confirms versions: iNETstore E Commerce Solution - Cross Site Scripting (fwd) | CVE-2006-0116 |
| VIM:20060130 My Little Homepage - source verify of different products | CVE-2006-0471 CVE-2006-0472 CVE-2006-0473 |
| VIM:20060203 vendor ack/fix: 22793: CRE Loaded files.php Unauthenticated Arbitrary File Upload (fwd) | CVE-2006-0478 |
| VIM:20060206 VERIFY Pluggedout Blog 1.9.9c exec.php SQL injection | CVE-2006-0563 |
| VIM:20060206 VERIFY Pluggedout Blog 1.9.9c problem.php XSS | CVE-2006-0562 |
| VIM:20060209 Vendor ACK for MyQuiz | CVE-2006-0628 |
| VIM:20060213 Verified: dot in Miniwebsvr 0.0.6 | CVE-2007-0919 |
| VIM:20060214 vendor ack/fix 22243: Modular Merchant Marketplace Shopping Cart category.php cat Variable XSS (fwd) | CVE-2006-0109 |
| VIM:20060215 EV0074 BirthSys 3.1 SQL injection (fwd) | CVE-2006-0775 |
| VIM:20060216 Recent HP advisories outline BIND problems | CVE-2006-0527 |
| VIM:20060220 vendor dispute for CVE-2006-0669 | CVE-2006-0669 |
| VIM:20060223 old Squid clientAbortBody issue - NOT an overflow? | CVE-2004-2654 |
| VIM:20060303 vendor ack/fix: Honeycomb Archive CategoryResults.cfm Multiple Variable SQL Injection (fwd) | CVE-2005-4419 |
| VIM:20060310 Re: vendor dispute: VCS | CVE-2006-0897 |
| VIM:20060310 vendor dispute: VCS | CVE-2006-0897 |
| VIM:20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion | CVE-2006-1212 |
| VIM:20060314 vendor dispute: VCS | CVE-2006-1266 |
| VIM:20060317 vendor ack/fix: Sitekit CMS | CVE-2005-4491 |
| VIM:20060318 Source VERIFY - Light Weight Calendar issue is eval injection | CVE-2006-0206 CVE-2006-1252 |
| VIM:20060318 Vendor ACK for Skull-Splitter Guestbook XSS | CVE-2006-1256 |
| VIM:20060322 Free Articles Directory - file inclusion, code execution? | CVE-2006-1350 |
| VIM:20060323 IBM changing significant details? | CVE-2006-1246 |
| VIM:20060324 XHP vendor ack/fix | CVE-2006-1371 |
| VIM:20060326 clarification of "VihorDesign" (not VihorDesing) issues | CVE-2006-1496 CVE-2006-1497 |
| VIM:20060327 Helm Control Panel followup | CVE-2006-1407 |
| VIM:20060327 clarification of "VihorDesign" (not VihorDesing) issues | CVE-2006-1497 |
| VIM:20060328 Conftool, not Canftool; appears to be distributable | CVE-2006-1482 |
| VIM:20060330 Recent unspecified Horde vuln is eval injection | CVE-2006-1491 |
| VIM:20060403 Vendor ACK for VWar issue - VWar used by PhpNuke Clan | CVE-2006-1503 |
| VIM:20060404 FleXiBle Development Script Remote Command Exucetion And XSS Attacking | CVE-2006-1623 |
| VIM:20060410 VEndor ACK: Simple Machines Forum Register.php X-Forwarded-For XSS | CVE-2006-0896 |
| VIM:20060411 ZixForum vendor ack/fix | CVE-2005-4334 |
| VIM:20060412 Multiple vulnerabilities in Blur6ex (fwd) | CVE-2006-1761 CVE-2006-1762 |
| VIM:20060414 Provable vendor ACK for gcards issues | CVE-2006-1346 CVE-2006-1347 CVE-2006-1348 |
| VIM:20060420 LinPHA provenance/acknowledgement | CVE-2006-1923 CVE-2006-1924 |
| VIM:20060423 rwAuction Pro vendor ack/fix | CVE-2005-4060 |
| VIM:20060425 Interesting Scry stuff | CVE-2006-1995 CVE-2006-1996 CVE-2006-2001 |
| VIM:20060427 Instant Photo Gallery <= Multiple XSS (fwd) | CVE-2006-2079 CVE-2006-2080 |
| VIM:20060512 Vendor dispute of CVE-2006-2184 | CVE-2006-2184 |
| VIM:20060517 Unclassified NewsBoard directory traversal variant | CVE-2006-2406 |
| VIM:20060519 Partial details on Invision Power Board (IPB) PHP execution issue | CVE-2006-2498 |
| VIM:20060519 Resolved PHPKB vendor dispute (CVE-2006-2184) | CVE-2006-2184 |
| VIM:20060523 Jemscripts DownloadControl 1.0 - at least 2 separate issues | CVE-2006-2553 |
| VIM:20060527 Helm Control Panel followup | CVE-2005-4747 |
| VIM:20060601 Interlink "news_information.php" XSS (fwd) | CVE-2006-2765 |
| VIM:20060605 # MHG Security Team ---Rumble 1.02 version Remote File Inc. | CVE-2006-2872 |
| VIM:20060606 CS-Cart: request for information (fwd) | CVE-2006-2863 |
| VIM:20060609 [VIM] Update Regarding CVE-2006-1921 (fwd) | CVE-2006-1921 |
| VIM:20060612 misinterpretation? (Re: Vice Stats 0.5b SQL injection) | CVE-2006-2972 CVE-2006-2981 |
| VIM:20060612 verified SQL injection in IntegraMOD 1.4.0 (source inspection) | CVE-2006-2985 |
| VIM:20060612 verify of LabWiki issue (source inspection) | CVE-2006-2968 |
| VIM:20060612 verify of ViArt Shop Free 2.5.5 issue (diff digging) | CVE-2006-2979 CVE-2006-2980 |
| VIM:20060615 Disputed vulnerability: Pixaria, PopPhoto (fwd) | CVE-2006-2395 |
| VIM:20060615 Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities | CVE-2006-3041 |
| VIM:20060615 WS-Album - "PublisedDate" is correct, source verify, new vector | CVE-2006-3020 |
| VIM:20060615 [SECUNIA] Re: 20612 typo? (fwd) | CVE-2006-3049 |
| VIM:20060615 source verify of Minerva (phpbb_root_path) issue | CVE-2006-3028 |
| VIM:20060617 phpjobboard Authecnical admin byPass (fwd) | CVE-2006-7016 |
| VIM:20060619 Re: Moodle issue - invalid vendor ack? and extra vulns | CVE-2006-4785 |
| VIM:20060620 BtitTracker SQL injection vuln. (and PHP mysql_query) | CVE-2006-6972 |
| VIM:20060622 Winamp security vagueness | CVE-2006-3228 |
| VIM:20060626 On SQL injection and PHP mysql_query... | CVE-2006-6972 |
| VIM:20060626 Openwebmail: 2 XSS vulns not one, and some version hints | CVE-2006-3229 CVE-2006-3233 |
| VIM:20060630 IMGallery - "galeria.php" not "galerie.php" | CVE-2006-3163 |
| VIM:20060630 Webmin traversal - changelog | CVE-2006-3392 |
| VIM:20060707 FortiGate issue - "EPSV" not "ESPV" | CVE-2006-3222 |
| VIM:20060711 Re: Webmin traversal - changelog | CVE-2006-3392 |
| VIM:20060720 vendor ack/fix: Actinic Catalog Unspecified .pl Files XSS (fwd) | CVE-2002-1732 |
| VIM:20060723 Igloo DoublSpeak vuln | CVE-2006-3069 |
| VIM:20060724 Vanilla CMS | CVE-2006-3850 |
| VIM:20060725 ListMessenger dispute CVE-2006-3692 | CVE-2006-3692 |
| VIM:20060725 Vanilla CMS | CVE-2006-3850 |
| VIM:20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd) | CVE-2006-3312 |
| VIM:20060811 SquirrelMail issue is dynamic variable evaluation | CVE-2006-4019 |
| VIM:20060814 Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability | CVE-2006-4135 |
| VIM:20060814 vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd) | CVE-2005-4232 |
| VIM:20060820 bad report for EstateAgent? | CVE-2006-4322 |
| VIM:20060821 CVE-2006-2490 (Mobotix) vendor ACK | CVE-2006-2490 |
| VIM:20060823 Vendor ACK - CVE-2006-3038 (fwd) | CVE-2006-3038 CVE-2006-3039 |
| VIM:20060823 source VERIFY of Shadows Rising RPG file include | CVE-2006-4329 |
| VIM:20060825 Source VERIFY of pSlash 0.7 file include | CVE-2006-4373 |
| VIM:20060828 Jupiter CMS file include - CVE dispute | CVE-2006-4428 |
| VIM:20060829 CuteNews 1.3.* Remote File Include Vulnerability | CVE-2006-4445 |
| VIM:20060829 Jetbox CMS file include - CVE dispute | CVE-2006-4422 |
| VIM:20060829 Sendmail vendor dispute - CVE-2006-4434 (fwd) | CVE-2006-4434 |
| VIM:20060830 22068: Speartek Search Module XSS (fwd) | CVE-2005-4493 |
| VIM:20060901 ModuleBased CMS file include - CVE dispute | CVE-2006-4545 |
| VIM:20060906 ZoneX 1.0.3 File Inclusion - CVE-2006-4036 | CVE-2006-4036 |
| VIM:20060908 Vendor ACK for CVE-2006-2117 (Thyme) | CVE-2006-2117 |
| VIM:20060912 Source VERIFY of MyABraCaDaWeb file inclusion | CVE-2006-4719 |
| VIM:20060919 Dispute - CVE-2006-4759 - PunBB | CVE-2006-4759 |
| VIM:20060919 Moodle issue - invalid vendor ack? and extra vulns | CVE-2006-4785 |
| VIM:20060925 PunBB - more | CVE-2006-4759 |
| VIM:20060926 Kietu 3.2 - Local file inclusion | CVE-2006-5015 |
| VIM:20060926 PHPSaTK remote file inclusion - CVE dispute | CVE-2006-5067 |
| VIM:20060926 PunBB - more | CVE-2006-4759 |
| VIM:20060926 vendor dispute: 21878: Polopoly Search Module XSS (fwd) | CVE-2005-4481 |
| VIM:20060927 MyPhotos includesdir file inclusion - CVE dispute | CVE-2006-5095 |
| VIM:20061002 yblog: distributable product | CVE-2006-5146 |
| VIM:20061003 Concerning CSRF in phpMyAdmin 2.9.0.1 (CVE-2006-5116) | CVE-2006-5116 |
| VIM:20061009 net2ftp: a web based FTP client :) <= Remote File Inclusion (fwd) | CVE-2006-5097 |
| VIM:20061010 phpWebSite 0.10.2 RFI - CVE dispute | CVE-2006-5234 |
| VIM:20061011 Source VERIFY of tagit2b delTagUser.php RFI | CVE-2006-5249 |
| VIM:20061017 Contenido RFI - CVE dispute | CVE-2006-5380 |
| VIM:20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability | CVE-2006-3146 CVE-2006-5405 |
| VIM:20061018 28547: Web Dictate Null Password Authentication Bypass (fwd) | CVE-2006-4603 |
| VIM:20061018 CVE-2006-5402, fishy? | CVE-2006-5402 |
| VIM:20061019 CVE-2006-5402, fishy? | CVE-2006-5402 |
| VIM:20061020 vendor ACK for old YPOPs! issue | CVE-2004-1558 |
| VIM:20061023 PHP file inclusions in PHP Developer Library 1.5.3 (some disputed) | CVE-2006-5473 |
| VIM:20061023 Source VERIFY - speedberg RFI | CVE-2006-5485 |
| VIM:20061024 CONFIRM: JaxUltraBB PHP/HTML/webscript injection | CVE-2006-5511 |
| VIM:20061024 PHP file inclusions in PHP Developer Library 1.5.3 (some disputed) | CVE-2006-5473 |
| VIM:20061024 Vendor ACK for LearnCenter XSS (CVE-2006-4540) | CVE-2006-4540 |
| VIM:20061025 CONFIRM: OTSCMS file inclusions - PHP5 __autoload | CVE-2006-5546 CVE-2006-5547 CVE-2006-5548 |
| VIM:20061026 Source VERIFY: PHP Generator of Object SQL Database RFI | CVE-2006-5543 |
| VIM:20061026 parameter name error in vuln DBs for EPNadmin | CVE-2006-5555 |
| VIM:20061031 Ig-shop change_pass.php XSS - 2 vectors | CVE-2006-5631 CVE-2006-5632 |
| VIM:20061031 Likely vendor fix for Faq Administrator 2.1b | CVE-2006-5637 |
| VIM:20061102 CVE dispute - phpMyConferences RFI | CVE-2006-5678 |
| VIM:20061102 Source VERIFY and patch for gepi RFI | CVE-2006-5669 |
| VIM:20061103 Zwahlen Online Shop | CVE-2006-5512 CVE-2006-5534 |
| VIM:20061106 DISPUTE: PHP file inclusion in Ariadne 2.4.1 | CVE-2006-5776 |
| VIM:20061106 RE: DISPUTE: PHP file inclusion in Ariadne 2.4.1 | CVE-2006-5776 |
| VIM:20061107 Minimizing error cascades in vulnerability information management | CVE-2006-2431 |
| VIM:20061108 MiniBill 2 RFI ack | CVE-2006-4489 |
| VIM:20061114 Source VERIFY - encapscms 0.3.6 RFI | CVE-2006-5895 |
| VIM:20061114 source verify of "Ban v0.1" SQL injection | CVE-2006-5907 |
| VIM:20061117 Fwd: My-BIC => 0.6.5 Remote File Include Vulnerability Exploit | CVE-2006-6018 |
| VIM:20061121 CVE dispute for Bloo RFI | CVE-2006-6023 |
| VIM:20061128 PMOS Help Desk/etc. SQL injection - source verify and more info | CVE-2006-6158 |
| VIM:20061128 [Aria-Security Team] iNews News Manager SQL Injection | CVE-2006-6274 |
| VIM:20061130 Wabbit directory traversal - uncertain impact; enomphp uncertainty | CVE-2006-6185 CVE-2006-6186 |
| VIM:20061130 source VERIFY - PEGames RFI | CVE-2006-6213 |
| VIM:20061201 Old PHP-Nuke/PostNuke SQL injection issues - clarification | CVE-2006-6234 |
| VIM:20061201 ltwCalendar = PHP Event Calendar, and vendor ACK | CVE-2005-4011 |
| VIM:20061204 snif RFI curiosity | CVE-2006-6285 |
| VIM:20061206 Source verify of mg.applanix RFI | CVE-2006-6341 |
| VIM:20061206 Vendor dispute: infinicart (CVE-2006-5957) | CVE-2006-5957 |
| VIM:20061206 awrate 1.0 search.php RFI - source verify, small wrinkle | CVE-2006-6368 |
| VIM:20061207 Vendor dispute - CVE-2006-5840 (abarcar Realty Portal) | CVE-2006-5840 |
| VIM:20061208 CVE dispute - phpAdsNew PHP file inclusion | CVE-2006-6415 |
| VIM:20061211 GraceNote CDDBControl (CVE-2006-3134) = CDDBAOLControl (CVE-2006-6442) | CVE-2006-6442 |
| VIM:20061214 mxBB Module mx_profilecp 0.91 Remote File Include Vulnerability | CVE-2006-6566 |
| VIM:20061215 Media .MID file DoS extra info | CVE-2006-6601 |
| VIM:20061217 Source VERIFY of Barman interface.php/basepath RFI | CVE-2006-6611 |
| VIM:20061217 Source VERIFY of phpmycms basic.inc.php/basepath_start RFI | CVE-2006-6612 |
| VIM:20061219 Possible HyperVM vendor dispute - but of severity or existence? | CVE-2006-6649 |
| VIM:20061219 abarcar vendor statement on CVE-2006-5840 | CVE-2006-5840 |
| VIM:20061220 Provable vendor ACK for Album Photo Sans Nom traversal issue | CVE-2006-5320 |
| VIM:20061222 Source verify of PowerClan RFI | CVE-2006-6715 |
| VIM:20061226 MINI WEB SHOP vuln report - incomplete researcher diagnosis | CVE-2006-6734 CVE-2006-6735 |
| VIM:20061226 Vendor ACK (basically) for Drake CMS RFI (CVE-2006-5767) | CVE-2006-5767 |
| VIM:20061226 Vendor dispute for Animated Smiley Generator RFI (CVE-2006-6541) | CVE-2006-6541 |
| VIM:20070103 Provable vendor ACK for CVE-2006-6810 (DB Hub DoS) | CVE-2006-6810 |
| VIM:20070104 CVE Dispute - PHPIrc_bot PHP file inclusion | CVE-2006-6883 |
| VIM:20070104 CVE dispute of Enigma WordPress RFI | CVE-2006-6863 |
| VIM:20070104 Source VERIFY of Enigma Coppermine Bridge RFI | CVE-2006-6864 |
| VIM:20070106 vendor ack: SolidState RFI | CVE-2006-5020 |
| VIM:20070108 Source verify - Coppermine Photo Gallery <= 1.4.10 code injection | CVE-2007-0115 |
| VIM:20070108 Source verify of Aratix RFI | CVE-2007-0135 |
| VIM:20070109 "ppc engine" is WGS-PPC | CVE-2007-0167 |
| VIM:20070110 Dispute of GeoBB RFI | CVE-2007-0189 |
| VIM:20070110 Vulnerable: sazcart v1.5 (cart.php) Remote File include | CVE-2006-5727 |
| VIM:20070110 [bogus] [ahmed_labib_hilmy at yahoo.com: CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability] (fwd) | CVE-2007-0230 |
| VIM:20070110 source verify - Axiom RFI | CVE-2007-0200 |
| VIM:20070112 Fwd: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability | CVE-2007-0260 |
| VIM:20070112 Source Verify of LunarPoll PollDir RFI | CVE-2007-0298 |
| VIM:20070112 [Bogus - partly] V TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (fwd) | CVE-2007-0300 |
| VIM:20070115 [Bogus] [ilkerkandemir at mynet.com: Trevorchan <= v0.7 Remote File Include Vulnerability] (fwd) | CVE-2007-0863 |
| VIM:20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection | CVE-2007-0339 CVE-2007-0346 CVE-2007-0350 |
| VIM:20070118 source verify: Uberghey CMS 0.3.1 RFI | CVE-2007-0359 |
| VIM:20070118 vendor ACK for MGB Guestbook issue | CVE-2007-0354 |
| VIM:20070122 a-forum xss - who? what? where? | CVE-2007-0398 |
| VIM:20070122 old OdysseusBlog XSS report - possibly incorrect | CVE-2006-6951 |
| VIM:20070129 [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion] (fwd) | CVE-2007-0649 |
| VIM:20070131 Partial source code verify - "RBL - ASP" scripts SQL injection | CVE-2007-0642 CVE-2007-0784 |
| VIM:20070131 VERIFY of RFI and XSS in OpenEMR 2.8.2 (was [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion]) | CVE-2007-0649 |
| VIM:20070201 Fwd: php web portail [remote file include & local file include] | CVE-2007-0699 CVE-2007-0700 |
| VIM:20070201 True: Somery 0.4.6 (skindir install.php) Remote file include | CVE-2007-0704 |
| VIM:20070201 true but: SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability | CVE-2006-4733 |
| VIM:20070201 true: Epistemon 1.0 <= Remote File Include Vulnerability | CVE-2007-0701 |
| VIM:20070201 true: WebBuilder <= 2.0 Remote File Include Vulnerability | CVE-2007-0703 |
| VIM:20070201 true: phpEventMan RFI Vuln. | CVE-2007-0702 |
| VIM:20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude]) | CVE-2007-0700 |
| VIM:20070202 phpBB++ Build 100 (phpbb_root_path) Remote File Include Exploit | CVE-2007-0762 |
| VIM:20070202 true: DreamStats V 4.2=(index.php)=>Remote File Include | CVE-2007-0757 |
| VIM:20070202 true: phpBB ezBoard converter 0.2 (ezconvert_dir) Remote File Include Exploit | CVE-2007-0761 |
| VIM:20070203 FLIP SQL injection clarification | CVE-2007-0695 |
| VIM:20070207 false: Agermenu 0.03 | CVE-2007-0837 |
| VIM:20070207 true: Agermenu 0.03 | CVE-2007-0848 |
| VIM:20070207 true: Categories hierarchy class_template.php RFI | CVE-2007-0809 |
| VIM:20070207 true: WebMatic 2.6 RFI | CVE-2007-0839 |
| VIM:20070207 true: agermenu | CVE-2007-0837 |
| VIM:20070207 true: months-old CentiPaid absolute_path RFI | CVE-2006-6976 |
| VIM:20070211 FreeRADIUS dispute of CVE-2007-0080 | CVE-2007-0080 |
| VIM:20070212 CVE dispute - old Somery team.php RFI | CVE-2006-7006 |
| VIM:20070213 true: AT Contenator <= v1.0 (Root_To_Script) Remote File Include Exploit | CVE-2007-0983 |
| VIM:20070213 true: [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb) | CVE-2007-0929 |
| VIM:20070214 false: old Develooping Flash Chat RFI | CVE-2006-7011 |
| VIM:20070214 false: old Jobline RFI | CVE-2006-7015 |
| VIM:20070215 [milw0rm] exploit 3305 | CVE-2007-0873 |
| VIM:20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability | CVE-2007-1052 |
| VIM:20070220 [True] Meganoide's news v1.1.1 < = RFi Vulnerabilities | CVE-2007-1024 |
| VIM:20070220 false: phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities | CVE-2007-1053 |
| VIM:20070221 [unsure] MediaWiki Cross-site Scripting | CVE-2007-1054 |
| VIM:20070222 Source verify and clarification of old bookmark4u SQL injection | CVE-2006-7025 |
| VIM:20070222 Verisign ConfigChk ActiveX Overflow(s) | CVE-2007-1083 |
| VIM:20070222 [TRUE] Call Center Software - Remote Xss Post Exploit - | CVE-2007-1161 |
| VIM:20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies | CVE-2007-1166 |
| VIM:20070222 [true] phpTrafficA-1.4.1 Local File Inclusion | CVE-2007-1076 |
| VIM:20070223 Verisign ConfigChk ActiveX Overflow(s) | CVE-2007-1083 |
| VIM:20070227 Verified: arabhost function.php RFI | CVE-2007-1146 |
| VIM:20070227 WebMplayer "eval injection" is actually OS command injection | CVE-2007-1136 |
| VIM:20070301 phpProfiles vendor ack | CVE-2006-6740 |
| VIM:20070303 Keyword Replacer plugin RFI seems to be fixed | CVE-2006-7156 |
| VIM:20070303 Novell BorderManager ISAKMP issue smells like a dupe | CVE-2006-7155 |
| VIM:20070307 Bogus - [c_r_ck at hotmail.com: Lazarus Guestbook (admin.php)Remote File Include Expliot] | CVE-2007-1486 |
| VIM:20070314 SQL injection (x2) in NukeSentinel | CVE-2007-1172 CVE-2007-1493 |
| VIM:20070314 [TRUE] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability | CVE-2007-1657 |
| VIM:20070314 [false] Remote File Include In Script PHP Photo Album | CVE-2007-1456 |
| VIM:20070315 [ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability | CVE-2007-1472 |
| VIM:20070319 Bogus - [CLBOX <= (signup.php header) Remote File Include Vulnerability] | CVE-2007-1631 |
| VIM:20070320 WebAPP Audit | CVE-2007-1489 |
| VIM:20070322 WebAPP Audit | CVE-2007-1827 CVE-2007-1828 CVE-2007-1831 CVE-2007-1832 |
| VIM:20070323 Helix Server LoadTestPassword Overflow | CVE-2006-6026 |
| VIM:20070323 Mambo Module uhp 0.3 (uhp_config.php) Remote File Inclusion Exploit | CVE-2006-3995 |
| VIM:20070323 Re: Mambo Module uhp 0.3 (uhp_config.php) Remote File Inclusion Exploit | CVE-2006-3995 |
| VIM:20070323 Root cause of NPDS SQL injection is variable extraction/evaluation | CVE-2007-1634 |
| VIM:20070324 Helix Server LoadTestPassword Overflow | CVE-2006-6026 |
| VIM:20070324 Vendor ACK for FTPx DoS (CVE-2007-1082) | CVE-2007-1082 |
| VIM:20070326 Confirm - Mambo 4.5.1 Modules Flatmenu <= 1.07 Remote File Include Exploit | CVE-2007-1702 |
| VIM:20070327 "File Upload" seems to be "Free File Hosting" | CVE-2006-5762 CVE-2006-5763 CVE-2006-5764 |
| VIM:20070329 iPhotoAlbum v1.1(header.php)Remote File Include Vulnerability | CVE-2005-2246 |
| VIM:20070402 [true] BT-Sondage-v112 RFI | CVE-2007-1812 |
| VIM:20070402 [true] CWB pro 1.5 INCLUDE_PATH RFI | CVE-2007-1809 |
| VIM:20070403 Bogus - [Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit] | CVE-2007-1976 |
| VIM:20070403 [false] Remote File Include In Script stat12 | CVE-2007-1967 |
| VIM:20070405 true: XOOPS Module Jobs <= 2.4 (cid) SQL Injection Exploit | CVE-2007-2370 |
| VIM:20070406 false: phpContact Multiple Remote File Inclusion Vulnerabilities | CVE-2007-1924 |
| VIM:20070410 True: MyBlog games.php RFI | CVE-2007-1968 |
| VIM:20070410 false: phpGalleryScript 1.0 - File Inclusion Vulnerabilities | CVE-2007-2019 |
| VIM:20070411 Confirm: Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities | CVE-2007-2005 |
| VIM:20070411 Cyboards PHP RFI: true for 1.21, fixed in at least 1.25 | CVE-2007-1983 |
| VIM:20070411 Rediscovery: Flexphpnews news.php/newsid SQL injection | CVE-2005-1237 |
| VIM:20070411 WF-Sections SQL injection vendor ack; shows up in other modules | CVE-2007-1974 |
| VIM:20070411 [false] Remote File Include In Script stat12 | CVE-2007-1967 |
| VIM:20070411 true: Request It : Song Request System 1.0b RFI | CVE-2007-2015 |
| VIM:20070412 dispute: older CyBoards common.php RFI (CVE-2006-2871) | CVE-2006-2871 |
| VIM:20070412 probably false: xodagallery execution claim | CVE-2007-2020 |
| VIM:20070412 true: SimpCMS Light RFI | CVE-2007-2009 |
| VIM:20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke | CVE-2006-4142 CVE-2007-2312 |
| VIM:20070413 Dup: TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns | CVE-2007-2317 |
| VIM:20070414 false: Maian Search v1.1 | CVE-2007-2077 |
| VIM:20070414 true until installed: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities | CVE-2006-4849 CVE-2007-2084 |
| VIM:20070415 false: Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities | CVE-2007-2097 |
| VIM:20070415 false: Maian Gallery v1.0 | CVE-2007-2076 |
| VIM:20070415 false: Maian Weblog v3.1 | CVE-2007-2078 |
| VIM:20070415 false: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy | CVE-2007-2311 |
| VIM:20070415 false: phpMyChat-0.14.5 | CVE-2007-2477 |
| VIM:20070416 false: phpMyChat-0.14.5 | CVE-2007-2477 |
| VIM:20070417 Bugtraq 23534 | CVE-2007-2679 |
| VIM:20070417 False: Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln. | CVE-2007-2196 |
| VIM:20070417 Not Quite: Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit | CVE-2007-2072 CVE-2007-2073 |
| VIM:20070418 [uncertain] (mostly) phpFaber TopSitespath traversal | CVE-2007-2155 |
| VIM:20070422 false: turbolence core 0.0.1 alpha Remote File Inclusion | CVE-2007-2503 CVE-2007-2504 |
| VIM:20070422 vendor ack/clarification for CVE-2007-1888 (SQLite) | CVE-2007-1888 |
| VIM:20070425 [false but true] "Allfaclassfieds" RFI no; PHP Classifieds yes | CVE-2007-2254 |
| VIM:20070425 [true] Quick and Dirty Blog RFI | CVE-2007-2304 |
| VIM:20070426 False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure | CVE-2007-2285 |
| VIM:20070426 Re: False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure | CVE-2007-2285 |
| VIM:20070426 re: False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure | CVE-2007-2285 |
| VIM:20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK | CVE-2007-1643 CVE-2007-2205 |
| VIM:20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure? | CVE-2007-2353 |
| VIM:20070427 FALSE -> 2bgal RFI | CVE-2007-1852 |
| VIM:20070427 FALSE -> PHP Point of Sale (osCommerce) LFI | CVE-2007-1477 |
| VIM:20070427 What the *#$(! -- b2evolution RFI [False] | CVE-2007-2358 |
| VIM:20070429 false: Seir Anphin (file.php a[filepath]) Remote File Disclosure Vulnerability | CVE-2007-2412 |
| VIM:20070501 TCExam - 'XSS' is dynamic variable evaluation; vendor patch | CVE-2007-2431 |
| VIM:20070501 TCExam code injection: why does this work? (and vendor ACK) | CVE-2007-2430 |
| VIM:20070502 true: firefly RFI, both doc_root and DOCUMENT_ROOT | CVE-2007-2456 CVE-2007-2460 |
| VIM:20070503 True: Flip-search-add-on everything.php incpath RFI | CVE-2007-2140 |
| VIM:20070503 true: 1024 CMS LFI: fun protection scheme failure | CVE-2007-2507 |
| VIM:20070507 Mostly True: phpChess Community Edition 2.0 RFI | CVE-2007-2677 |
| VIM:20070507 TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS) | CVE-2007-2676 |
| VIM:20070508 FALSE -> DynamicPAD HomeDir RFI | CVE-2007-2527 |
| VIM:20070508 Reneged: RE: FALSE -> DynamicPAD HomeDir RFI | CVE-2007-2527 |
| VIM:20070508 false: phpHoo3 Login SQL injection | CVE-2007-2534 |
| VIM:20070509 21371: GhostScripter Amazon Shop search.php query Variable XSS (fwd) | CVE-2005-3908 |
| VIM:20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552) | CVE-2007-2552 |
| VIM:20070509 probably false: pfa RFI | CVE-2007-2558 |
| VIM:20070509 true: ACGV Annu (rubrik) LFI | CVE-2007-2560 |
| VIM:20070509 true: Wikivi5 RFI | CVE-2007-2570 |
| VIM:20070511 probably false: SchoolBoard (admin.php) SQL injection | CVE-2007-2626 |
| VIM:20070513 true: R2K Gallery LFI | CVE-2007-2642 |
| VIM:20070514 shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI | CVE-2007-2199 CVE-2007-2660 |
| VIM:20070516 CVE-2007-1375 additional vector? | CVE-2007-2748 |
| VIM:20070522 true (with errors): ol'bookmarks RFI | CVE-2007-2816 |
| VIM:20070524 probably true: SimpGB RFI, likely dynamic variable evaluation | CVE-2007-2859 |
| VIM:20070530 true: Vistered Little 1.6a directory traversal | CVE-2007-2934 |
| VIM:20070531 wrong but true: "webCMS" database disclosure is actually for wabCMS | CVE-2007-2944 |
| VIM:20070601 true: AdminBot-MX RFI | CVE-2007-2986 |
| VIM:20070602 [VIM] True: XOOPS Module icontent v.1.0 Remote File Inclusion Exploit (Milw0rm 4022) | CVE-2007-3057 |
| VIM:20070614 Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability | CVE-2007-3228 |
| VIM:20070614 true: XOOPS Modules Horoscope RFI | CVE-2007-3236 |
| VIM:20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit | CVE-2007-0134 |
| VIM:20070620 bit amusing (Contact Form 2.00.02) | CVE-2007-3352 |
| VIM:20070626 vendor ACK for phpTrafficA issues | CVE-2007-3425 CVE-2007-3426 CVE-2007-3427 |
| VIM:20070627 Web-APP.org feedback on CVE-2007-3242 | CVE-2007-3242 |
| VIM:20070628 Regarding Web-APP.org WebAPP CVE Entry Details | CVE-2007-3416 |
| VIM:20070628 Vendor ACK for CVE-2007-3431 (Dagger web engine) | CVE-2007-3431 |
| VIM:20070703 Sun JDK Confusion | CVE-2007-2788 CVE-2007-2789 |
| VIM:20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd) | CVE-2007-2788 CVE-2007-2789 |
| VIM:20070710 AVTutorial 1.0 changePW.php vulnerabilities | CVE-2007-3630 CVE-2007-3691 |
| VIM:20070710 SquirrelMail GPG Plugin Vulnerabilities | CVE-2007-3634 CVE-2007-3635 CVE-2007-3636 CVE-2007-3778 CVE-2007-3779 |
| VIM:20070710 Vendor ACK: CVE-2007-2017 (AlstraSoft useredit.php auth bypass) | CVE-2007-2017 |
| VIM:20070710 Vendor dispute - Google Custom Search Engine XSS (CVE-2007-3484) | CVE-2007-3484 |
| VIM:20070711 Sun JDK Confusion | CVE-2007-2788 CVE-2007-2789 |
| VIM:20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln | CVE-2005-1924 CVE-2007-3778 |
| VIM:20070718 Confirm: Joomla Component Expose <= RC35 Remote File Upload Vulnerability | CVE-2007-3932 |
| VIM:20070718 Vendor ACK for CVE-2007-3677 (eVisit Analyst) | CVE-2007-3677 |
| VIM:20070724 zoo - amavis - barracuda cross-ref problems | CVE-2007-1669 |
| VIM:20070730 Adult Directory - site-specific? | CVE-2007-4056 |
| VIM:20070730 Remote File Inclusion: it's not just for PHP anymore | CVE-2007-4067 |
| VIM:20070731 WTF: BellaBiblio Admin Login Bypass | CVE-2007-4230 |
| VIM:20070731 WTF: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability | CVE-2007-4127 |
| VIM:20070731 WTF: phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability | CVE-2007-4117 |
| VIM:20070731 true: Madoa RFI | CVE-2007-4101 |
| VIM:20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure | CVE-2007-4180 CVE-2007-4181 |
| VIM:20070809 true with clarification: fishcart RFI | CVE-2007-4287 |
| VIM:20070809 vendor ACK - Advanced Searchbar - CVE-2007-4250 | CVE-2007-4250 |
| VIM:20070814 uncertain: FCMS (Family Connections) code execution | CVE-2007-4338 |
| VIM:20070818 Recent DB2 Vulnerabilities | CVE-2007-1086 CVE-2007-1087 CVE-2007-1088 CVE-2007-1089 CVE-2007-4270 CVE-2007-4271 CVE-2007-4272 CVE-2007-4273 CVE-2007-4275 CVE-2007-4276 CVE-2007-4417 CVE-2007-4418 CVE-2007-4423 |
| VIM:20070823 ACK for CVE-2007-3056 (WebSVN) | CVE-2007-3056 |
| VIM:20070823 vendor ACK for CVE-2007-4338 (Familr Connections) | CVE-2007-4338 |
| VIM:20070823 vim editor duplicates / clarifications | CVE-2007-2953 |
| VIM:20070824 uh-oh: local file inclusion from insecure permissions | CVE-2007-4536 |
| VIM:20070911 true: fuzzylime (cms) path traversal | CVE-2007-4805 |
| VIM:20070918 true: Focus/SIS RFI's (both vectors) | CVE-2007-4806 CVE-2007-4942 |
| VIM:20070924 CMS Made Simple eval injection is really an ADOdb Lite problem | CVE-2007-5056 |
| VIM:20070926 true: sk.log 0.5.3 RFI | CVE-2007-5089 |
| VIM:20070928 CVE-2007-5125 - dupe | CVE-2007-1171 |
| VIM:20071001 Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability | CVE-2007-5186 |
| VIM:20071001 Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability | CVE-2007-5178 |
| VIM:20071006 smells false: phpFreeLog RFI | CVE-2007-5258 |
| VIM:20071009 Joomla Flash Image Gallery Component RFI Vulnerability | CVE-2007-5309 |
| VIM:20071011 false: Joomla! swMenuFree 4.6 Component Remote File Include | CVE-2007-5389 |
| VIM:20071012 clarification on multiple Tk overflow issues | CVE-2007-5137 CVE-2007-5378 |
| VIM:20071016 true: WebMod 0.48 XSS | CVE-2007-5477 |
| VIM:20071018 true: Galmeta Post 0.11 RFI | CVE-2007-5567 |
| VIM:20071030 Clarification on old QEMU/NE2000/Xen issues | CVE-2007-1321 CVE-2007-5729 CVE-2007-5730 |
| VIM:20071030 RealPlayer Updates of October 25, 2007 | CVE-2007-2263 CVE-2007-2264 CVE-2007-3410 CVE-2007-4599 CVE-2007-5080 CVE-2007-5081 |
| VIM:20071031 phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability | CVE-2007-5811 |
| VIM:20071203 CVE-2007-4158 == CVE-2007-5553? | CVE-2007-4158 |
| VIM:20071203 tellmatic 1.0.7 Multiple Remote File Inclusion Vulnerabilities | CVE-2007-6231 |
| VIM:20071218 Sun JDK Confusion Revisited | CVE-2007-2788 CVE-2007-2789 |
| VIM:20080104 true: AGENCY4NET WEBFTP directory traversal; deletion possible | CVE-2008-0091 |
| VIM:20080107 Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability | CVE-2008-0140 |
| VIM:20080108 Vendor ACK for CVE-2007-6551 (MailMachine Pro SQL injection) | CVE-2007-6551 |
| VIM:20080115 vuldb confusion between OpenPegasus issues | CVE-2007-5360 CVE-2008-0003 |
| VIM:20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit | CVE-2008-0782 |
| VIM:20080129 Seagull 0.6.3 Remote File Disclosure Vulnerability fixed | CVE-2008-0465 |
| VIM:20080131 [Fwd: contactforms "cforms-css.php" Remote File Inclusion] | CVE-2008-0560 |
| VIM:20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability | CVE-2008-0746 |
| VIM:20080305 false: 123 Flash Chat RFI | CVE-2008-1171 |
| VIM:20080514 PHP File Upload Vulnerability with extra Extension | CVE-2008-2267 |
| VIM:20080522 Who's Right | CVE-2008-2240 |
| VIM:20080618 coffee maker hacks - yes or no? | CVE-2008-7173 |
| VIM:20080711 Zen Cart 1.3.8 Multiple Local File Inclusion Vulnerabilities | CVE-2008-6877 CVE-2008-6878 |
| VIM:20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC | CVE-2008-3257 |
| VIM:20080819 CyBoards PHP uncertainties (RFI/path traversal) | CVE-2008-3707 CVE-2008-3709 CVE-2008-3710 |
| VIM:20081002 Fwd: Internet Information Service remote set password | CVE-2008-4301 |
| VIM:20081007 root cause for Crux Gallery cookie-handling issue? | CVE-2008-4484 |
| VIM:20081106 Vendor dispute / researcher retraction: Agavi (CVE-2008-4920) | CVE-2008-4920 |
| VIM:20090120 CVE-2009-0125 (fwd) | CVE-2009-0125 |
| VIM:20090130 SOBI2 showbiz SQL injection - false, or site-specific | CVE-2009-0380 |
| VIM:20090220 CVE-2008-6157 / Milw0rm 7613 | CVE-2008-6157 |
| VIM:20090224 possibly false: CVE-2009-0671 (IMAP c-client format string) | CVE-2009-0671 |
| VIM:20090317 false? CVE-2008-6049 / TinyMCE SQL injection | CVE-2008-6049 |
| VIM:20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities | CVE-2006-4605 CVE-2006-4606 CVE-2006-4607 CVE-2006-4608 |
| VIM:20090611 Why are SE38042 and SE38043 APARs related to security? | CVE-2009-2030 |
| VIM:20090616 IIS WebDav Vulnerability CVE ID | CVE-2009-1122 CVE-2009-1535 |
| VIM:20090626 false? AN Guestbook LFI | CVE-2009-2224 |
| VIM:20090825 @1 File Store PRO SQL injection - the old gray dupe | CVE-2006-1278 |
| VIM:20090918 Patch for BigAnt Server Vulnerabilities | CVE-2009-4660 |
| VIM:20091028 vendor clarification for CVE-2006-6404 (Innovation DoS) | CVE-2006-6404 |
| VIM:20100423 IBM 'REPEAT' BoF advisory - APAR IC65922 | CVE-2010-1560 |
| VIM:20100625 some discrepancies: Linker IMG <=1.0 RFI | CVE-2010-2456 |
| VIM:20100727 CVE number confusion in HP OV NNM products | CVE-2010-2703 CVE-2010-2704 |
| VIM:20100922 MOAUB #15 - PHP MicroCMS 1.0.1 | CVE-2010-3481 |
| VIM:20120531 CVE-2012-2951 - believe this is a dupe | CVE-2007-6587 CVE-2012-2951 |
| VIM:20130523 [Secunia] ERADAS ER Viewer Stack Based Overflow | CVE-2013-3482 CVE-2013-3483 |
| VIM:20130624 CVE-2013-4635 SndToJewish / SdnToJewish function name | CVE-2013-4635 |
| VIM:20140129 CVE-2013-6810 / EMC / HP issue is actually Brocade | CVE-2013-6810 |
| VIM:20140719 OctavoCMS (CVE-2014-4331) is not always site-specific | CVE-2014-4331 |
| VIM:Advanced Poll v2.02 :) <= Remote File Inclusion | CVE-2003-1178 |
| VIM:Vendor ACK for CVE-2006-1243 (older Simple PHP Blog) | CVE-2006-1243 |
