Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 342

Количество 331 342

nvd логотип

CVE-2006-6234

около 19 лет назад

Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6233

около 19 лет назад

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6232

около 19 лет назад

PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6231

около 19 лет назад

vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6230

около 19 лет назад

SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6229

около 19 лет назад

Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6228

около 19 лет назад

Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6227

около 19 лет назад

The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6226

около 19 лет назад

Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6225

около 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.

CVSS2: 5.1
EPSS: Средний
nvd логотип

CVE-2006-6224

около 19 лет назад

PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6223

около 19 лет назад

Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-6222

около 19 лет назад

Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2006-6221

около 19 лет назад

2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6220

около 19 лет назад

Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6219

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6218

около 19 лет назад

Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6217

около 19 лет назад

PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6216

около 19 лет назад

SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6215

около 19 лет назад

Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2006-6234

Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6233

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

CVSS2: 7.5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6232

PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

CVSS2: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6231

vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.

CVSS2: 5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6230

SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6229

Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.

CVSS2: 5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6228

Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

CVSS2: 6.8
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6227

The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference.

CVSS2: 5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6226

Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp.

CVSS2: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6225

Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.

CVSS2: 5.1
12%
Средний
около 19 лет назад
nvd логотип
CVE-2006-6224

PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6223

Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.

CVSS2: 4.3
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6222

Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix.

CVSS2: 10
39%
Средний
около 19 лет назад
nvd логотип
CVE-2006-6221

2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6220

Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.

CVSS2: 6.8
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6219

Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters.

CVSS2: 6.8
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6218

Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6217

PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6216

SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6215

Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.

CVSS2: 7.5
1%
Низкий
около 19 лет назад

Уязвимостей на страницу