Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 327 090

Количество 327 090

nvd логотип

CVE-2006-5962

около 19 лет назад

Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5961

около 19 лет назад

Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5960

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-5959

около 19 лет назад

SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5958

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-5957

около 19 лет назад

Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5956

около 19 лет назад

XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2006-5955

около 19 лет назад

SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5954

около 19 лет назад

SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5953

около 19 лет назад

SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5952

около 19 лет назад

SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5951

около 19 лет назад

PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5950

около 19 лет назад

Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-5949

около 19 лет назад

Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-5948

около 19 лет назад

PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2006-5947

около 19 лет назад

Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-5946

около 19 лет назад

SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5945

около 19 лет назад

Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5944

около 19 лет назад

Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2006-5943

около 19 лет назад

Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2006-5962

Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.

CVSS2: 7.5
3%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5961

Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable.

CVSS2: 7.5
3%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5960

Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information.

CVSS2: 6.8
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5959

SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5958

Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.

CVSS2: 6.8
4%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5957

Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.

CVSS2: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5956

XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.

CVSS2: 2.1
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5955

SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5954

SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.

CVSS2: 7.5
4%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5953

SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5952

SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field.

CVSS2: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5951

PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

CVSS2: 7.5
3%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5950

Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS2: 5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5949

Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS2: 5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5948

PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.

CVSS2: 7.5
16%
Средний
около 19 лет назад
nvd логотип
CVE-2006-5947

Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS2: 5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5946

SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter.

CVSS2: 7.5
3%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5945

Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp.

CVSS2: 7.5
4%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5944

Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CVSS2: 6.8
10%
Средний
около 19 лет назад
nvd логотип
CVE-2006-5943

Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter.

CVSS2: 7.5
2%
Низкий
около 19 лет назад

Уязвимостей на страницу