exploitDog

source:"nvd"

Count: 331 614

Vulnerability
CVSS
EPSS
Published

CVE-2006-7204

The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.

CVSS2: 2.1
EPSS: 0% (Low)
Published: more than 18 years ago

CVE-2006-7203

The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").

CVSS2: 4
EPSS: 0% (Low)
Published: more than 18 years ago

CVE-2006-7202

The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.

CVSS2: 7.8
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7201

EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.

CVSS2: 9.3
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2006-7200

EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.

CVSS2: 9
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7199

EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."

CVSS2: 8.5
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2006-7198

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.

CVSS2: 10
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2006-7197

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

CVSS2: 7.8
EPSS: 3% (Low)
Published: almost 19 years ago

CVE-2006-7196

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

CVSS2: 4.3
EPSS: 79% (High)
Published: almost 19 years ago

CVE-2006-7195

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

CVSS2: 4.3
EPSS: 11% (Medium)
Published: almost 19 years ago

CVE-2006-7194

PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter.

CVSS2: 6.8
EPSS: 8% (Low)
Published: almost 19 years ago

CVE-2006-7193

PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant

CVSS2: 7.5
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2006-7192

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.

CVSS2: 4.3
EPSS: 25% (Medium)
Published: almost 19 years ago

CVE-2006-7191

Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.

CVSS2: 7.2
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7190

Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.

CVSS2: 4.3
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7189

Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.

CVSS2: 4.3
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7188

The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.

CVSS2: 5
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7187

Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable.

CVSS2: 4.3
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7186

cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.

CVSS2: 5
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2006-7185

PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.

CVSS2: 9.3
EPSS: 5% (Low)
Published: almost 19 years ago