Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 330 380

Количество 330 380

nvd логотип

CVE-2006-6930

около 19 лет назад

SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6929

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6928

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6927

около 19 лет назад

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6926

около 19 лет назад

Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2006-6925

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6924

около 19 лет назад

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6923

около 19 лет назад

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6922

около 19 лет назад

SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6921

около 19 лет назад

Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2006-6920

около 19 лет назад

Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6919

около 19 лет назад

Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6918

около 19 лет назад

Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2006-6917

около 19 лет назад

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2006-6916

около 19 лет назад

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6915

около 19 лет назад

ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.

CVSS2: 4
EPSS: Низкий
nvd логотип

CVE-2006-6914

около 19 лет назад

Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6913

около 19 лет назад

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6912

около 19 лет назад

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6911

около 19 лет назад

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

CVSS2: 6
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2006-6930

SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6929

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

CVSS2: 6.8
6%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6928

Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.

CVSS2: 6.8
5%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6927

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information.

CVSS2: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6926

Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 10
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6925

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

CVSS2: 6.8
9%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6924

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.

CVSS2: 5
7%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6923

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6922

SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS2: 7.5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6921

Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.

CVSS2: 2.1
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6920

Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.

CVSS2: 6.8
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6919

Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.

CVSS2: 6.8
5%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6918

Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.

CVSS2: 10
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6917

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

CVSS2: 10
51%
Средний
около 19 лет назад
nvd логотип
CVE-2006-6916

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

CVSS2: 7.5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6915

ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.

CVSS2: 4
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6914

Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.

CVSS2: 5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6913

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6912

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.

CVSS2: 7.5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6911

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

CVSS2: 6
1%
Низкий
около 19 лет назад

Уязвимостей на страницу