Count 331 614
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2006-1772 debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password. | CVSS2: 7.2 | 0% Low | almost 20 years ago |
| CVE-2006-1771 Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter. | CVSS2: 7.5 | 5% Low | almost 20 years ago |
| CVE-2006-1770 Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php. | CVSS2: 10 | 4% Low | almost 20 years ago |
| CVE-2006-1769 Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$. | CVSS2: 6.8 | 2% Low | almost 20 years ago |
| CVE-2006-1768 Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php. | CVSS2: 5.1 | 1% Low | almost 20 years ago |
| CVE-2006-1767 Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php. | CVSS2: 7.5 | 10% Low | almost 20 years ago |
| CVE-2006-1766 Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php. | CVSS2: 6.4 | 0% Low | almost 20 years ago |
| CVE-2006-1765 Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | CVSS2: 6.8 | 2% Low | almost 20 years ago |
| CVE-2006-1764 Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | CVSS2: 7.8 | 0% Low | almost 20 years ago |
| CVE-2006-1763 Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allow remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). | CVSS2: 5 | 1% Low | almost 20 years ago |
| CVE-2006-1762 Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values. | CVSS2: 7.5 | 1% Low | almost 20 years ago |
| CVE-2006-1761 Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name. | CVSS2: 2.6 | 1% Low | almost 20 years ago |
| CVE-2006-1760 Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | CVSS2: 4.3 | 1% Low | almost 20 years ago |
| CVE-2006-1759 Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. | CVSS2: 2.6 | 1% Low | almost 20 years ago |
| CVE-2006-1758 SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | CVSS2: 7.5 | 0% Low | almost 20 years ago |
| CVE-2006-1757 Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | CVSS2: 2.6 | 0% Low | almost 20 years ago |
| CVE-2006-1756 MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | CVSS2: 7.5 | 1% Low | almost 20 years ago |
| CVE-2006-1755 SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | CVSS2: 7.5 | 1% Low | almost 20 years ago |
| CVE-2006-1754 SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. | CVSS2: 7.5 | 1% Low | almost 20 years ago |
| CVE-2006-1753 A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | CVSS2: 3.6 | 0% Low | almost 20 years ago |