Количество 332 146
Количество 332 146
CVE-2006-5053
PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
CVE-2006-5052
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2006-5050
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
CVE-2006-5049
Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-5048
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
CVE-2006-5047
Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.
CVE-2006-5046
Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files."
CVE-2006-5045
Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php.
CVE-2006-5044
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVE-2006-5043
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
CVE-2006-5042
Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-5041
Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-5040
Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors.
CVE-2006-5039
Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
CVE-2006-5038
The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet.
CVE-2006-5037
MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.
CVE-2006-5036
MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.
CVE-2006-5035
Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5034
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2006-5053 PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter. | CVSS2: 7.5 | 13% Средний | больше 19 лет назад |
| CVE-2006-5052 Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | CVSS2: 5 | 15% Средний | больше 19 лет назад |
| CVE-2006-5051 Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | CVSS3: 8.1 | 2% Низкий | больше 19 лет назад |
| CVE-2006-5050 Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI. | CVSS2: 5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5049 Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5048 Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php. | CVSS2: 6.8 | 14% Средний | больше 19 лет назад |
| CVE-2006-5047 Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5046 Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files." | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5045 Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php. | CVSS2: 6.8 | 5% Низкий | больше 19 лет назад |
| CVE-2006-5044 Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5043 Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528. | CVSS2: 6.8 | 13% Средний | больше 19 лет назад |
| CVE-2006-5042 Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5041 Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5040 Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5039 Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5038 The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. | CVSS2: 7.5 | 1% Низкий | больше 19 лет назад |
| CVE-2006-5037 MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability. | CVSS2: 6.8 | 2% Низкий | больше 19 лет назад |
| CVE-2006-5036 MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability. | CVSS2: 6.8 | 2% Низкий | больше 19 лет назад |
| CVE-2006-5035 Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
| CVE-2006-5034 Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | CVSS2: 5 | 7% Низкий | больше 19 лет назад |
Уязвимостей на страницу