Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2006-2977

больше 19 лет назад

SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2976

больше 19 лет назад

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2975

больше 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2006-2974

больше 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2006-2973

больше 19 лет назад

Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2972

больше 19 лет назад

SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2971

больше 19 лет назад

Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-2970

больше 19 лет назад

videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-2969

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-2968

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter).

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-2967

больше 19 лет назад

Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2006-2966

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-2965

больше 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-2964

больше 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2963

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-2962

больше 19 лет назад

PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2961

больше 19 лет назад

Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CVSS2: 7.5
EPSS: Высокий
nvd логотип

CVE-2006-2960

больше 19 лет назад

PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2959

больше 19 лет назад

SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-2958

больше 19 лет назад

Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CVSS2: 2.6
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2006-2977

SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2976

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2975

Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.

CVSS2: 2.6
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2974

Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp.

CVSS2: 2.6
0%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2973

Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.

CVSS2: 7.5
0%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2972

SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2971

Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function.

CVSS2: 5
9%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2970

videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message.

CVSS2: 5
0%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2969

Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations.

CVSS2: 4.3
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2968

Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter).

CVSS2: 4.3
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2967

Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file.

CVSS2: 2.1
0%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2966

Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme.

CVSS2: 4.3
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2965

Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."

CVSS2: 4.3
0%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2964

Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.

CVSS2: 7.5
4%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2963

Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter.

CVSS2: 4.3
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2962

PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.

CVSS2: 7.5
6%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2961

Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CVSS2: 7.5
83%
Высокий
больше 19 лет назад
nvd логотип
CVE-2006-2960

PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2959

SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-2958

Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CVSS2: 2.6
1%
Низкий
больше 19 лет назад

Уязвимостей на страницу