Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 327 090

Количество 327 090

nvd логотип

CVE-2006-6022

около 19 лет назад

Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6021

около 19 лет назад

SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6020

около 19 лет назад

Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6019

около 19 лет назад

Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6018

около 19 лет назад

PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6017

около 19 лет назад

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVSS3: 6.5
EPSS: Низкий
nvd логотип

CVE-2006-6016

около 19 лет назад

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CVSS3: 6.5
EPSS: Низкий
nvd логотип

CVE-2006-6015

около 19 лет назад

Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6014

около 19 лет назад

The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2006-6013

около 19 лет назад

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2006-6012

около 19 лет назад

Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-6011

около 19 лет назад

Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6010

около 19 лет назад

SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.

CVSS2: 5
EPSS: Средний
nvd логотип

CVE-2006-6009

около 19 лет назад

Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6008

около 19 лет назад

ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2006-6007

около 19 лет назад

save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6006

больше 8 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

EPSS: Низкий
nvd логотип

CVE-2006-6005

больше 8 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

EPSS: Низкий
nvd логотип

CVE-2006-6004

больше 8 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

EPSS: Низкий
nvd логотип

CVE-2006-6003

больше 8 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2006-6022

Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS2: 6.8
6%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6021

SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.

CVSS2: 7.5
3%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6020

Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.

CVSS2: 6.8
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6019

Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS2: 6.8
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6018

PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CVSS3: 6.5
3%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6016

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CVSS3: 6.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6015

Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.

CVSS2: 5
7%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6014

The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.

CVSS2: 7.2
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6013

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

CVSS2: 2.1
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6012

Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 4.3
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6011

Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.

CVSS2: 5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6010

SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.

CVSS2: 5
20%
Средний
около 19 лет назад
nvd логотип
CVE-2006-6009

Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.

CVSS2: 5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6008

ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.

CVSS2: 6.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6007

save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.

CVSS2: 5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6006

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

больше 8 лет назад
nvd логотип
CVE-2006-6005

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

больше 8 лет назад
nvd логотип
CVE-2006-6004

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

больше 8 лет назад
nvd логотип
CVE-2006-6003

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none

больше 8 лет назад

Уязвимостей на страницу